Lucene search

RedhatCVE-2009-3881

HistoryNov 09, 2009 - 7:30 p.m.

CVE-2009-3881

2009-11-0919:30:00

CWE-200

redhat

web.nvd.nist.gov

cve-2009-3881

sun java se

update 22

update 17

openjdk

classloader

remote attack

information leak

bug id 6636650

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.019

Percentile

88.5%

JSON

Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an “information leak vulnerability,” aka Bug Id 6636650.

Affected configurations

Nvd

Node

sunjreRange≤1.5.0update_21

sunjreRange≤1.6.0update_16

sunjreMatch1.5.0update_1

sunjreMatch1.5.0update_11

sunjreMatch1.5.0update_12

sunjreMatch1.5.0update_13

sunjreMatch1.5.0update_14

sunjreMatch1.5.0update_15

sunjreMatch1.5.0update_16

sunjreMatch1.5.0update_17

sunjreMatch1.5.0update_18

sunjreMatch1.5.0update_19

sunjreMatch1.5.0update_2

sunjreMatch1.5.0update_20

sunjreMatch1.5.0update_3

sunjreMatch1.5.0update_4

sunjreMatch1.5.0update_5

sunjreMatch1.5.0update_6

sunjreMatch1.5.0update_7

sunjreMatch1.5.0update_8

sunjreMatch1.5.0update_9

sunjreMatch1.5.0update10

sunjreMatch1.6.0update_1

sunjreMatch1.6.0update_10

sunjreMatch1.6.0update_11

sunjreMatch1.6.0update_12

sunjreMatch1.6.0update_13

sunjreMatch1.6.0update_14

sunjreMatch1.6.0update_15

sunjreMatch1.6.0update_2

sunjreMatch1.6.0update_3

sunjreMatch1.6.0update_4

sunjreMatch1.6.0update_5

sunjreMatch1.6.0update_6

sunjreMatch1.6.0update_7

sunjreMatch1.6.0update_8

sunjreMatch1.6.0update_9

sunopenjdk

VendorProductVersionCPE
sunjre*cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*
sunjre*cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	jre	*	cpe:2.3:a:sun:jre::update_21::::::*
sun	jre	*	cpe:2.3:a:sun:jre::update_16::::::*
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_1::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_11::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_12::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_13::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_14::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_15::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_16::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_17::::::