Vulnerability details: VCID-aecb-qs1b-aaab
Vulnerability ID VCID-aecb-qs1b-aaab
Aliases CVE-2009-2476
Summary The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
rhas Critical https://access.redhat.com/errata/RHSA-2009:1200
rhas Important https://access.redhat.com/errata/RHSA-2009:1201
epss 0.01189 https://api.first.org/data/v1/epss?cve=CVE-2009-2476
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2009-2476
epss 0.01825 https://api.first.org/data/v1/epss?cve=CVE-2009-2476
epss 0.05554 https://api.first.org/data/v1/epss?cve=CVE-2009-2476
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=513220
generic_textual MODERATE http://secunia.com/advisories/36162
generic_textual MODERATE http://secunia.com/advisories/36176
generic_textual MODERATE http://secunia.com/advisories/36180
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2009-2476
generic_textual MODERATE https://rhn.redhat.com/errata/RHSA-2009-1200.html
generic_textual MODERATE https://rhn.redhat.com/errata/RHSA-2009-1201.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/2543
Reference id Reference type URL
http://java.sun.com/javase/6/webnotes/6u15.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2476.json
https://api.first.org/data/v1/epss?cve=CVE-2009-2476
http://secunia.com/advisories/36162
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10381
https://rhn.redhat.com/errata/RHSA-2009-1200.html
https://rhn.redhat.com/errata/RHSA-2009-1201.html
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
http://www.vupen.com/english/advisories/2009/2543
513220 https://bugzilla.redhat.com/show_bug.cgi?id=513220
cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:*
cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
CVE-2009-2476 https://nvd.nist.gov/vuln/detail/CVE-2009-2476
GLSA-200911-02 https://security.gentoo.org/glsa/200911-02
RHSA-2009:1200 https://access.redhat.com/errata/RHSA-2009:1200
RHSA-2009:1201 https://access.redhat.com/errata/RHSA-2009:1201
USN-814-1 https://usn.ubuntu.com/814-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-2476
Exploit Prediction Scoring System (EPSS)
Percentile 0.84832
EPSS Score 0.01189
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.