Lucene search

[email protected]CVE-2009-3881

HistoryNov 09, 2009 - 7:30 p.m.

CVE-2009-3881

2009-11-0919:30:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2009-3881

sun java se

update 22

update 17

openjdk

classloader

remote attack

information leak

bug id 6636650

6.4 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an “information leak vulnerability,” aka Bug Id 6636650.

CPENameOperatorVersion
sun:jresun jreeq1.6.0
sun:jresun jreeq1.5.0
sun:openjdksun openjdkeq*

CPE	Name	Operator	Version
sun:jre	sun jre	eq	1.6.0
sun:jre	sun jre	eq	1.5.0
sun:openjdk	sun openjdk	eq	*

References

java.sun.com/j2se/1.5.0/ReleaseNotes.html

java.sun.com/javase/6/webnotes/6u17.html

secunia.com/advisories/37386

security.gentoo.org/glsa/glsa-200911-02.xml

www.mandriva.com/security/advisories?name=MDVSA-2010:084

bugzilla.redhat.com/show_bug.cgi?id=530173

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906

6.4 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2009-3881

cvelist1 veracode1 ubuntucve1 prion1 openvas26 fedora3 oraclelinux1 securityvulns1 nessus20 centos1 redhat4 ubuntu1 vmware2 gentoo1