CVE-2009-3883 — Sensitive Information Exposure in JDK

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 28.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE

Timeline

PublishedNov 9

Latest updateMay 2

Description

Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/jdk1.5.0+3

▶NVDsun/jre1.5.0+3

🔴Vulnerability Details

GHSA

GHSA-j4h5-r7cj-3jwc: Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5↗2022-05-02

▶

CVEList

CVE-2009-3883: Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5↗2009-11-09

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-11-12

▶

Red Hat

OpenJDK information leaks in mutable variables (6657026,6657138)↗2009-11-03

▶

💬Community

Bugzilla

CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138)↗2009-10-21

▶