Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2009-3728

Published: 09/11/2009 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Jre

Vulnerability Summary

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote malicious users to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.

Vulnerable Product Search on Vulmon Subscribe to Product

sun jre 1.5.0

sun jre 1.6.0

sun openjdk

Vendor Advisories

Ubuntu Security Notice: openjdk-6 vulnerabilities
Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK (CVE-2009-2409) ...

Exploits

Exploit DB: Netragard Security Advisory 2009-12-19
Netragard, LLC Advisory - Mac OS X Java Runtime suffers from buffer overflows that allow for remote code execution ...

References

CWE-22https://bugzilla.redhat.com/show_bug.cgi?id=530098http://java.sun.com/j2se/1.5.0/ReleaseNotes.htmlhttp://java.sun.com/javase/6/webnotes/6u17.htmlhttp://security.gentoo.org/glsa/glsa-200911-02.xmlhttp://lists.apple.com/archives/security-announce/2009/Dec/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2009/Dec/msg00001.htmlhttp://support.apple.com/kb/HT3970http://secunia.com/advisories/37581http://support.apple.com/kb/HT3969http://secunia.com/advisories/37386http://www.mandriva.com/security/advisories?name=MDVSA-2010:084https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520https://nvd.nist.govhttps://usn.ubuntu.com/859-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook