CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
76.9%
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
Vendor | Product | Version | CPE |
---|---|---|---|
sun | jre | * | cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:* |
sun | jre | * | cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:* |
sun | jre | 1.5.0 | cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:* |
sun | jre | 1.5.0 | cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:* |
sun | jre | 1.5.0 | cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:* |
sun | jre | 1.5.0 | cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:* |
sun | jre | 1.5.0 | cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:* |
sun | jre | 1.5.0 | cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:* |
sun | jre | 1.5.0 | cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:* |
sun | jre | 1.5.0 | cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:* |
java.sun.com/j2se/1.5.0/ReleaseNotes.html
java.sun.com/javase/6/webnotes/6u17.html
secunia.com/advisories/37386
security.gentoo.org/glsa/glsa-200911-02.xml
www.mandriva.com/security/advisories?name=MDVSA-2010:084
bugzilla.redhat.com/show_bug.cgi?id=530296
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10761
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7316