Lucene search

[email protected]NVD:CVE-2009-3880

HistoryNov 09, 2009 - 7:30 p.m.

CVE-2009-3880

2009-11-0919:30:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.5

Confidence

Low

EPSS

0.005

Percentile

76.9%

JSON

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.

Affected configurations

Nvd

Node

sunjreRange≤1.5.0update_21

sunjreRange≤1.6.0update_16

sunjreMatch1.5.0update_1

sunjreMatch1.5.0update_11

sunjreMatch1.5.0update_12

sunjreMatch1.5.0update_13

sunjreMatch1.5.0update_14

sunjreMatch1.5.0update_15

sunjreMatch1.5.0update_16

sunjreMatch1.5.0update_17

sunjreMatch1.5.0update_18

sunjreMatch1.5.0update_19

sunjreMatch1.5.0update_2

sunjreMatch1.5.0update_20

sunjreMatch1.5.0update_3

sunjreMatch1.5.0update_4

sunjreMatch1.5.0update_5

sunjreMatch1.5.0update_6

sunjreMatch1.5.0update_7

sunjreMatch1.5.0update_8

sunjreMatch1.5.0update_9

sunjreMatch1.5.0update10

sunjreMatch1.6.0update_1

sunjreMatch1.6.0update_10

sunjreMatch1.6.0update_11

sunjreMatch1.6.0update_12

sunjreMatch1.6.0update_13

sunjreMatch1.6.0update_14

sunjreMatch1.6.0update_15

sunjreMatch1.6.0update_2

sunjreMatch1.6.0update_3

sunjreMatch1.6.0update_4

sunjreMatch1.6.0update_5

sunjreMatch1.6.0update_6

sunjreMatch1.6.0update_7

sunjreMatch1.6.0update_8

sunjreMatch1.6.0update_9

sunopenjdk

VendorProductVersionCPE
sunjre*cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*
sunjre*cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
sunjre1.5.0cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	jre	*	cpe:2.3:a:sun:jre::update_21::::::*
sun	jre	*	cpe:2.3:a:sun:jre::update_16::::::*
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_1::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_11::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_12::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_13::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_14::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_15::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_16::::::
sun	jre	1.5.0	cpe:2.3:a:sun:jre:1.5.0:update_17::::::