CVE-2009-3884

Published: Nov 9, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.

Affected (38)

Products: Sun: Jre, Openjdk

2 products

Configuration A

38 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.6.0
Sun Jre	Up to 1.5.0
Sun Jre	Version 1.5.0 update10
Sun Jre	Version 1.5.0 update_11
Sun Jre	Version 1.5.0 update_12
Sun Jre	Version 1.5.0 update_13
Sun Jre	Version 1.5.0 update_14
Sun Jre	Version 1.5.0 update_15
Sun Jre	Version 1.5.0 update_16
Sun Jre	Version 1.5.0 update_17
Sun Jre	Version 1.5.0 update_18
Sun Jre	Version 1.5.0 update_19
Sun Jre	Version 1.5.0 update_1
Sun Jre	Version 1.5.0 update_20
Sun Jre	Version 1.5.0 update_2
Sun Jre	Version 1.5.0 update_3
Sun Jre	Version 1.5.0 update_4
Sun Jre	Version 1.5.0 update_5
Sun Jre	Version 1.5.0 update_6
Sun Jre	Version 1.5.0 update_7
Sun Jre	Version 1.5.0 update_8
Sun Jre	Version 1.5.0 update_9
Sun Jre	Version 1.6.0 update_10
Sun Jre	Version 1.6.0 update_11
Sun Jre	Version 1.6.0 update_12
Sun Jre	Version 1.6.0 update_13
Sun Jre	Version 1.6.0 update_14
Sun Jre	Version 1.6.0 update_15
Sun Jre	Version 1.6.0 update_1
Sun Jre	Version 1.6.0 update_2
Sun Jre	Version 1.6.0 update_3
Sun Jre	Version 1.6.0 update_4
Sun Jre	Version 1.6.0 update_5
Sun Jre	Version 1.6.0 update_6
Sun Jre	Version 1.6.0 update_7
Sun Jre	Version 1.6.0 update_8
Sun Jre	Version 1.6.0 update_9
Sun Openjdk	All versions

References (26)

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

Source: secalert@redhat.com

Vendor Advisory

http://java.sun.com/javase/6/webnotes/6u17.html

Source: secalert@redhat.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html

Source: secalert@redhat.com

http://secunia.com/advisories/37386

Source: secalert@redhat.com

http://secunia.com/advisories/37581

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-200911-02.xml

Source: secalert@redhat.com

http://support.apple.com/kb/HT3969

Source: secalert@redhat.com

http://support.apple.com/kb/HT3970

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=530300

Source: secalert@redhat.com

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960

Source: secalert@redhat.com

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://java.sun.com/javase/6/webnotes/6u17.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37386

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37581

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200911-02.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3969

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3970

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=530300

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.