CVE-2009-2672 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-2672 Interim 1 11 2023-12-09T02:03:11Z current 2021-05-30T12:47:53Z 2023-12-09T02:03:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-2672 The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2DXKHDFF74PD2OGINYNGBA3S5UHPSOTC/#2DXKHDFF74PD2OGINYNGBA3S5UHPSOTC E-Mail link for SUSE-SA:2009:043 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GXVSTLPUAV3GDYABYDPAJVPZORMSTZLN/#GXVSTLPUAV3GDYABYDPAJVPZORMSTZLN E-Mail link for SUSE-SA:2009:053 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ONCZEJ2OSRDB5UJWYUEBLKJ7IUHPOR62/#ONCZEJ2OSRDB5UJWYUEBLKJ7IUHPOR62 E-Mail link for SUSE-SR:2009:016 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-1.6.0_sr6-1.1.1 java-1_6_0-ibm-alsa-1.6.0_sr6-1.1.1 java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 java-1_6_0-ibm-fonts-1.6.0_sr6-1.1.1 java-1_6_0-ibm-jdbc-1.6.0_sr6-1.1.1 java-1_6_0-ibm-plugin-1.6.0_sr6-1.1.1 java-1_6_0-ibm-x86-1.6.0-124.7.1 java-1_6_0-ibm-1.6.0_sr6-1.1.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-alsa-1.6.0_sr6-1.1.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-fonts-1.6.0_sr6-1.1.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-jdbc-1.6.0_sr6-1.1.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-plugin-1.6.0_sr6-1.1.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-x86-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-1.6.0_sr6-1.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-alsa-1.6.0_sr6-1.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-fonts-1.6.0_sr6-1.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-jdbc-1.6.0_sr6-1.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-plugin-1.6.0_sr6-1.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-x86-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. CVE-2009-2672 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-1.6.0_sr6-1.1.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-alsa-1.6.0_sr6-1.1.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-fonts-1.6.0_sr6-1.1.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-jdbc-1.6.0_sr6-1.1.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-plugin-1.6.0_sr6-1.1.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-x86-1.6.0-124.7.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-1.6.0_sr6-1.1.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-alsa-1.6.0_sr6-1.1.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-fonts-1.6.0_sr6-1.1.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-jdbc-1.6.0_sr6-1.1.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-plugin-1.6.0_sr6-1.1.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-x86-1.6.0-124.7.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P