fkie_cve-2009-3728
Vulnerability from fkie_nvd
Published: 2009-11-09 19:30
Modified: 2024-11-21 01:08
Summary
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.
References
secalert@redhat.com: http://java.sun.com/j2se/1.5.0/ReleaseNotes.html (Vendor Advisory)
secalert@redhat.com: http://java.sun.com/javase/6/webnotes/6u17.html (Vendor Advisory)
secalert@redhat.com: http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
secalert@redhat.com: http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
secalert@redhat.com: http://secunia.com/advisories/37386
secalert@redhat.com: http://secunia.com/advisories/37581
secalert@redhat.com: http://security.gentoo.org/glsa/glsa-200911-02.xml
secalert@redhat.com: http://support.apple.com/kb/HT3969
secalert@redhat.com: http://support.apple.com/kb/HT3970
secalert@redhat.com: http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=530098
secalert@redhat.com: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520
secalert@redhat.com: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657
af854a3a-2127-422b-91ae-364da2661108: http://java.sun.com/j2se/1.5.0/ReleaseNotes.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://java.sun.com/javase/6/webnotes/6u17.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/37386
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/37581
af854a3a-2127-422b-91ae-364da2661108: http://security.gentoo.org/glsa/glsa-200911-02.xml
af854a3a-2127-422b-91ae-364da2661108: http://support.apple.com/kb/HT3969
af854a3a-2127-422b-91ae-364da2661108: http://support.apple.com/kb/HT3970
af854a3a-2127-422b-91ae-364da2661108: http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=530098
af854a3a-2127-422b-91ae-364da2661108: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520
af854a3a-2127-422b-91ae-364da2661108: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657
Impacted products
Vendor Product Version
sun jre 1.5.0
sun jre 1.6.0
sun openjdk *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC09E8-7F30-4FE4-912E-588AA250E2A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "9919D091-73D7-465A-80FF-F37D6CAF9F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "02565D6F-4CB2-4671-A4EF-3169BCFA6154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "452A3E51-9EAC-451D-BA04-A1E7B7D917EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*",
              "matchCriteriaId": "3E8C6AAC-C90B-4220-A69B-2A886A35CF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*",
              "matchCriteriaId": "55231B6B-9298-4363-9B5A-14C2DA7B1F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*",
              "matchCriteriaId": "E42CF0F7-418C-4BB6-9B73-FA3B9171D092",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*",
              "matchCriteriaId": "A5467E9D-07D8-4BEB-84D5-A3136C133519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*",
              "matchCriteriaId": "B83B2CE1-45D7-47AD-BC0A-6EC74D5F8F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*",
              "matchCriteriaId": "8A32F326-EA92-43CD-930E-E527B60CDD3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7EA5B9E9-654D-44F7-AE98-3D8B382804AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*",
              "matchCriteriaId": "04344167-530E-4A4D-90EF-74C684943DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*",
              "matchCriteriaId": "B0E0373B-201D-408F-9234-A7EFE8B4970D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "44051CFE-D15D-4416-A123-F3E49C67A9E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "F296ACF3-1373-429D-B991-8B5BA704A7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "B863420B-DE16-416A-9640-1A1340A9B855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "724C972F-74FE-4044-BBC4-7E0E61FC9002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "EBE909DE-E55A-4BD3-A5BF-ADE407432193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "5DAC04D2-68FD-4793-A8E7-4690A543D7D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "7158D2C0-E9AC-4CD6-B777-EA7B7A181997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "90EC6C13-4B37-48E5-8199-A702A944D5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "B6339EF9-97AC-4675-9971-7435A4B31432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "6D1626F8-26F4-4EC5-A486-98808372425F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "FA1BFE3B-3773-426B-9E69-250249E059C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "46621D4B-CA2B-4EAC-884E-9CC9486F2F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*",
              "matchCriteriaId": "37FED4C9-7501-4DF3-B05E-0B460CBB2D9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*",
              "matchCriteriaId": "6958538A-0C2E-460F-A130-70515AFBB6A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*",
              "matchCriteriaId": "ABB1D4B3-54E6-455D-9238-B185DB012A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "360EF765-0C3A-4A13-9DA3-48928BB978E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "FBE651B3-3320-48E7-BDD5-74D3C609162C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "2F435AA3-B716-4B3B-8873-3646E18CA600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "4773DE1C-50EF-4561-B480-74C6BD64D449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "BB2B5C85-D6EE-4C0B-9228-A724D6C780C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "60D59062-997B-44F1-95C6-619823F138A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E78309B-E13F-4B65-9F59-39A993B900AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en el m\u00e9todo ICC_Profile.getInstance en Java Runtime Environment (JRE) en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17, y OpenJDK, permite a atacantes remotos saber que existen perfiles locales de color del consorcio internacional del color (IIC) a trav\u00e9s de .. (punto punto) en el path, tambi\u00e9n conocido como Bug Id 6631533."
    }
  ],
  "id": "CVE-2009-3728",
  "lastModified": "2024-11-21T01:08:04.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-09T19:30:00.390",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37581"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT3969"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT3970"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530098"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

