Lucene search

[email protected]CVE-2009-3884

HistoryNov 09, 2009 - 7:30 p.m.

CVE-2009-3884

2009-11-0919:30:00

[email protected]

web.nvd.nist.gov

cve-2009-3884

sun java

remote attack

file disclosure

bug id 6824265

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.9%

JSON

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.

Affected configurations

NVD

Node

sunjreRange≤1.5.0update_21

sunjreRange≤1.6.0update_16

sunjreMatch1.5.0update_1

sunjreMatch1.5.0update_11

sunjreMatch1.5.0update_12

sunjreMatch1.5.0update_13

sunjreMatch1.5.0update_14

sunjreMatch1.5.0update_15

sunjreMatch1.5.0update_16

sunjreMatch1.5.0update_17

sunjreMatch1.5.0update_18

sunjreMatch1.5.0update_19

sunjreMatch1.5.0update_2

sunjreMatch1.5.0update_20

sunjreMatch1.5.0update_3

sunjreMatch1.5.0update_4

sunjreMatch1.5.0update_5

sunjreMatch1.5.0update_6

sunjreMatch1.5.0update_7

sunjreMatch1.5.0update_8

sunjreMatch1.5.0update_9

sunjreMatch1.5.0update10

sunjreMatch1.6.0update_1

sunjreMatch1.6.0update_10

sunjreMatch1.6.0update_11

sunjreMatch1.6.0update_12

sunjreMatch1.6.0update_13

sunjreMatch1.6.0update_14

sunjreMatch1.6.0update_15

sunjreMatch1.6.0update_2

sunjreMatch1.6.0update_3

sunjreMatch1.6.0update_4

sunjreMatch1.6.0update_5

sunjreMatch1.6.0update_6

sunjreMatch1.6.0update_7

sunjreMatch1.6.0update_8

sunjreMatch1.6.0update_9

sunopenjdk

CPENameOperatorVersion
sun:jresun jrele1.5.0
sun:jresun jrele1.6.0
sun:openjdksun openjdkeq*

CPE	Name	Operator	Version
sun:jre	sun jre	le	1.5.0
sun:jre	sun jre	le	1.6.0
sun:openjdk	sun openjdk	eq	*

References

java.sun.com/j2se/1.5.0/ReleaseNotes.html

java.sun.com/javase/6/webnotes/6u17.html

lists.apple.com/archives/security-announce/2009/Dec/msg00000.html

lists.apple.com/archives/security-announce/2009/Dec/msg00001.html

secunia.com/advisories/37386

secunia.com/advisories/37581

security.gentoo.org/glsa/glsa-200911-02.xml

support.apple.com/kb/HT3969

support.apple.com/kb/HT3970

www.mandriva.com/security/advisories?name=MDVSA-2010:084

bugzilla.redhat.com/show_bug.cgi?id=530300

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.9%

JSON

Related for CVE-2009-3884

prion1 cvelist1 ubuntucve1 veracode1 nvd1 openvas30 packetstorm1 nessus22 fedora3 redhat4 oraclelinux1 centos1 securityvulns1 ubuntu1 vmware2 gentoo1