CVE-2009-3880JRE vulnerability

CWE-2646 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 34.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN JRE
Timeline
PublishedNov 9
Latest updateMay 2

Description

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDsun/jre1.5.0+3

🔴Vulnerability Details

2
GHSA
GHSA-2q37-8v55-frjg: The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 52022-05-02
CVEList
CVE-2009-3880: The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 52009-11-09

📋Vendor Advisories

2
Ubuntu
OpenJDK vulnerabilities2009-11-12
Red Hat
OpenJDK UI logging information leakage(6664512)2009-11-03

💬Community

1
Bugzilla
CVE-2009-3880 OpenJDK UI logging information leakage(6664512)2009-10-22
CVE-2009-3880 — SUN JRE vulnerability | cvebase