← Back

CVE-2009-3728

nvd nist
Published: Nov 9, 2009Modified: Apr 23, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.

Affected (38)

Products: Sun: Jre, Openjdk
Sun
2 products
Jre
Openjdk
Configuration A
38 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Jre
Version 1.5.0 update10
Jre
Version 1.5.0 update11
Jre
Version 1.5.0 update12
Jre
Version 1.5.0 update13
Jre
Version 1.5.0 update14
Jre
Version 1.5.0 update15
Jre
Version 1.5.0 update16
Jre
Version 1.5.0 update17
Jre
Version 1.5.0 update18
Jre
Version 1.5.0 update19
Jre
Version 1.5.0 update1
Jre
Version 1.5.0 update20
Jre
Version 1.5.0 update21
Jre
Version 1.5.0 update2
Jre
Version 1.5.0 update3
Jre
Version 1.5.0 update4
Jre
Version 1.5.0 update5
Jre
Version 1.5.0 update6
Jre
Version 1.5.0 update7
Jre
Version 1.5.0 update8
Jre
Version 1.5.0 update9
Jre
Version 1.6.0 update10
Jre
Version 1.6.0 update11
Jre
Version 1.6.0 update12
Jre
Version 1.6.0 update13
Jre
Version 1.6.0 update14
Jre
Version 1.6.0 update15
Jre
Version 1.6.0 update16
Jre
Version 1.6.0 update4
Jre
Version 1.6.0 update5
Jre
Version 1.6.0 update6
Jre
Version 1.6.0 update7
Jre
Version 1.6.0 update8
Jre
Version 1.6.0 update9
Jre
Version 1.6.0 update_1
Jre
Version 1.6.0 update_2
Jre
Version 1.6.0 update_3
Openjdk
All versions

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (26)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.