CVE-2009-2475: Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain
infovulnerability
security
Summary
Java SE versions 5.0 (before Update 20) and 6 (before Update 15), as well as OpenJDK, have a vulnerability where attackers could access sensitive information through static variables (data that stays the same for the entire program) that weren't marked as final (unchangeable). This affects multiple Java components across different libraries.
Solution / Mitigation
Update Java SE 5.0 to Update 20 or later, and Java SE 6 to Update 15 or later.
Vulnerability Details
CVSS Score
7.8
EPSS (30-day exploit probability)
EPSS: 0.7%
Classification
Attack SophisticationModerate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2009-2475
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%