CVE-2009-3881

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-3881
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=530173
http://java.sun.com/javase/6/webnotes/6u17.html Vendor Advisory
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html Vendor Advisory
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://secunia.com/advisories/37386
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*
Information

Published : 2009-11-09 11:30

Updated : 2017-09-18 18:29

NVD link : CVE-2009-3881

Mitre link : CVE-2009-3881

JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa
Products Affected

sun

  • openjdk
  • jre