CVE-2009-3881 — Sensitive Information Exposure in JRE

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.3%

top 20.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JRE

Timeline

PublishedNov 9

Latest updateMay 2

Description

Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsun/jre1.5.0+3

🔴Vulnerability Details

GHSA

GHSA-f9mh-6367-45hp: Sun Java SE 5↗2022-05-02

▶

CVEList

CVE-2009-3881: Sun Java SE 5↗2009-11-09

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-11-12

▶

Red Hat

OpenJDK resurrected classloaders can still have children (6636650)↗2009-11-03

▶

💬Community

Bugzilla

CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650)↗2009-10-21

▶