CVE-2009-3884

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
References
Link Resource
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html Vendor Advisory
http://java.sun.com/javase/6/webnotes/6u17.html Vendor Advisory
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
http://secunia.com/advisories/37386
http://secunia.com/advisories/37581
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://support.apple.com/kb/HT3969
http://support.apple.com/kb/HT3970
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
https://bugzilla.redhat.com/show_bug.cgi?id=530300 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html Vendor Advisory
http://java.sun.com/javase/6/webnotes/6u17.html Vendor Advisory
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
http://secunia.com/advisories/37386
http://secunia.com/advisories/37581
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://support.apple.com/kb/HT3969
http://support.apple.com/kb/HT3970
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
https://bugzilla.redhat.com/show_bug.cgi?id=530300 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type Values Removed Values Added
References () http://java.sun.com/j2se/1.5.0/ReleaseNotes.html - Vendor Advisory () http://java.sun.com/j2se/1.5.0/ReleaseNotes.html - Vendor Advisory
References () http://java.sun.com/javase/6/webnotes/6u17.html - Vendor Advisory () http://java.sun.com/javase/6/webnotes/6u17.html - Vendor Advisory
References () http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html - () http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html -
References () http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html - () http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html -
References () http://secunia.com/advisories/37386 - () http://secunia.com/advisories/37386 -
References () http://secunia.com/advisories/37581 - () http://secunia.com/advisories/37581 -
References () http://security.gentoo.org/glsa/glsa-200911-02.xml - () http://security.gentoo.org/glsa/glsa-200911-02.xml -
References () http://support.apple.com/kb/HT3969 - () http://support.apple.com/kb/HT3969 -
References () http://support.apple.com/kb/HT3970 - () http://support.apple.com/kb/HT3970 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 - () http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=530300 - Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=530300 - Vendor Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960 -

Information

Published : 2009-11-09 19:30

Updated : 2024-11-21 01:08


NVD link : CVE-2009-3884

Mitre link : CVE-2009-3884

CVE.ORG link : CVE-2009-3884


JSON object : View

Products Affected

sun

  • openjdk
  • jre