CVE-2009-3884: JRE vulnerability

7 documents, 7 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 1.3% (top 19.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 9
Latest update: May 2

Description

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: sun/jre 1.5.0 (+3)

🔴 Vulnerability Details (2)

GHSA: GHSA-pc3p-mx4p-7j4f: The TimeZone (2022-05-02)
CVEList: CVE-2009-3884: The TimeZone (2009-11-09)

💥 Exploits & PoCs (1)

Exploit-DB: HP Application Recovery Manager - 'OmniInet.exe' Remote Buffer Overflow (2009-12-26)

📋 Vendor Advisories (2)

Ubuntu: OpenJDK vulnerabilities (2009-11-12)
Red Hat: OpenJDK zoneinfo file existence information leak (6824265) (2009-11-03)

💬 Community (1)

Bugzilla: CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265) (2009-10-22)