Lucene search

[email protected]CVE-2009-3883

HistoryNov 09, 2009 - 7:30 p.m.

CVE-2009-3883

2009-11-0919:30:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2009-3883

sun java se

windows pluggable look and feel

swing implementation

openjdk

remote attack vectors

information leaks

mutable variables

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.3%

JSON

Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to “information leaks in mutable variables,” aka Bug Id 6657138.

Affected configurations

NVD

Node

sunopenjdk

Node

sunjreRange≤1.5.0update21

sunjreMatch1.5.0

sunjreMatch1.5.0update1

sunjreMatch1.5.0update10

sunjreMatch1.5.0update11

sunjreMatch1.5.0update12

sunjreMatch1.5.0update13

sunjreMatch1.5.0update14

sunjreMatch1.5.0update15

sunjreMatch1.5.0update16

sunjreMatch1.5.0update17

sunjreMatch1.5.0update18

sunjreMatch1.5.0update19

sunjreMatch1.5.0update2

sunjreMatch1.5.0update20

sunjreMatch1.5.0update3

sunjreMatch1.5.0update4

sunjreMatch1.5.0update5

sunjreMatch1.5.0update6

sunjreMatch1.5.0update7

sunjreMatch1.5.0update8

sunjreMatch1.5.0update9

Node

sunjreRange≤1.6.0update16

sunjreMatch1.6.0

sunjreMatch1.6.0update_1

sunjreMatch1.6.0update_2

sunjreMatch1.6.0update_3

sunjreMatch1.6.0update10

sunjreMatch1.6.0update11

sunjreMatch1.6.0update12

sunjreMatch1.6.0update13

sunjreMatch1.6.0update14

sunjreMatch1.6.0update15

sunjreMatch1.6.0update4

sunjreMatch1.6.0update5

sunjreMatch1.6.0update6

sunjreMatch1.6.0update7

sunjreMatch1.6.0update8

sunjreMatch1.6.0update9

Node

sunjdkRange≤1.5.0update21

sunjdkMatch1.5.0

sunjdkMatch1.5.0update1

sunjdkMatch1.5.0update10

sunjdkMatch1.5.0update11

sunjdkMatch1.5.0update12

sunjdkMatch1.5.0update13

sunjdkMatch1.5.0update14

sunjdkMatch1.5.0update15

sunjdkMatch1.5.0update16

sunjdkMatch1.5.0update17

sunjdkMatch1.5.0update18

sunjdkMatch1.5.0update19

sunjdkMatch1.5.0update2

sunjdkMatch1.5.0update20

sunjdkMatch1.5.0update3

sunjdkMatch1.5.0update4

sunjdkMatch1.5.0update5

sunjdkMatch1.5.0update6

sunjdkMatch1.5.0update7

sunjdkMatch1.5.0update8

sunjdkMatch1.5.0update9

Node

sunjdkRange≤1.6.0update16

sunjdkMatch1.6.0

sunjdkMatch1.6.0update1

sunjdkMatch1.6.0update10

sunjdkMatch1.6.0update11

sunjdkMatch1.6.0update12

sunjdkMatch1.6.0update13

sunjdkMatch1.6.0update14

sunjdkMatch1.6.0update15

sunjdkMatch1.6.0update2

sunjdkMatch1.6.0update3

sunjdkMatch1.6.0update4

sunjdkMatch1.6.0update5

sunjdkMatch1.6.0update6

sunjdkMatch1.6.0update7

sunjdkMatch1.6.0update8

sunjdkMatch1.6.0update9

CPENameOperatorVersion
sun:openjdksun openjdkeq*

CPE	Name	Operator	Version
sun:openjdk	sun openjdk	eq	*

References

java.sun.com/j2se/1.5.0/ReleaseNotes.html

java.sun.com/javase/6/webnotes/6u17.html

secunia.com/advisories/37386

security.gentoo.org/glsa/glsa-200911-02.xml

www.mandriva.com/security/advisories?name=MDVSA-2010:084

bugzilla.redhat.com/show_bug.cgi?id=530175

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10191

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6968

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.3%

JSON

Related for CVE-2009-3883

ubuntucve1 prion1 veracode1 nvd1 cvelist1 openvas26 nessus18 fedora3 redhat4 centos1 oraclelinux1 securityvulns1 ubuntu1 vmware2 gentoo1