CVE-2009-3880

Published: Nov 9, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.

Affected (38)

Products: Sun: Jre, Openjdk

Sun

2 products

Jre

Openjdk

Configuration A

38 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.6.0
Sun Jre	Up to 1.5.0
Sun Jre	Version 1.5.0 update10
Sun Jre	Version 1.5.0 update_11
Sun Jre	Version 1.5.0 update_12
Sun Jre	Version 1.5.0 update_13
Sun Jre	Version 1.5.0 update_14
Sun Jre	Version 1.5.0 update_15
Sun Jre	Version 1.5.0 update_16
Sun Jre	Version 1.5.0 update_17
Sun Jre	Version 1.5.0 update_18
Sun Jre	Version 1.5.0 update_19
Sun Jre	Version 1.5.0 update_1
Sun Jre	Version 1.5.0 update_20
Sun Jre	Version 1.5.0 update_2
Sun Jre	Version 1.5.0 update_3
Sun Jre	Version 1.5.0 update_4
Sun Jre	Version 1.5.0 update_5
Sun Jre	Version 1.5.0 update_6
Sun Jre	Version 1.5.0 update_7
Sun Jre	Version 1.5.0 update_8
Sun Jre	Version 1.5.0 update_9
Sun Jre	Version 1.6.0 update_10
Sun Jre	Version 1.6.0 update_11
Sun Jre	Version 1.6.0 update_12
Sun Jre	Version 1.6.0 update_13
Sun Jre	Version 1.6.0 update_14
Sun Jre	Version 1.6.0 update_15
Sun Jre	Version 1.6.0 update_1
Sun Jre	Version 1.6.0 update_2
Sun Jre	Version 1.6.0 update_3
Sun Jre	Version 1.6.0 update_4
Sun Jre	Version 1.6.0 update_5
Sun Jre	Version 1.6.0 update_6
Sun Jre	Version 1.6.0 update_7
Sun Jre	Version 1.6.0 update_8
Sun Jre	Version 1.6.0 update_9
Sun Openjdk	All versions