VYPR
Unrated severityNVD Advisory· Published Aug 10, 2009· Updated Jun 16, 2026

CVE-2009-2475

CVE-2009-2475

Description

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:*range: <=6
    • cpe:2.3:a:sun:java_se:*:20:*:*:*:*:*:*range: <=5.0
    • (no CPE)range: >= 5.0 < Update 20; >= 6 < Update 15
  • cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

21

News mentions

0

No linked articles in our index yet.