Vulnerability CVE-2009-3728

Vulnerability Name:

CVE-2009-3728 (CCN-54261)

Assigned:

2009-11-03

Published:

2009-11-03

Updated:

2018-10-30

Summary:

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2009-3728

Source: CCN
Type: Sun Microsystems Web site
JDK 5.0 Update 22 Release Notes

Source: CONFIRM
Type: Vendor Advisory
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

Source: CONFIRM
Type: Vendor Advisory
http://java.sun.com/javase/6/webnotes/6u17.html

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-12-03-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-12-03-2

Source: CCN
Type: RHSA-2009-1560
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2009-1571
Critical: java-1.5.0-sun security update

Source: CCN
Type: RHSA-2009-1584
Important: java-1.6.0-openjdk security update

Source: CCN
Type: RHSA-2009-1662
Low: Red Hat Network Satellite Server Sun Java Runtime security update

Source: SECUNIA
Type: UNKNOWN
37386

Source: SECUNIA
Type: UNKNOWN
37581

Source: GENTOO
Type: UNKNOWN
GLSA-200911-02

Source: CCN
Type: Apple Web site
About the security content of Java for Mac OS X 10.6 Update 1

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3969

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3970

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:084

Source: CCN
Type: OSVDB ID: 59918
Sun Java SE JRE ICC_Profile.getInstance Method Traversal Arbitrary ICC Profile File Disclosure

Source: CCN
Type: USN-859-1
OpenJDK vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 530098
CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533)

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=530098

Source: XF
Type: UNKNOWN
java-iccprofilegetinstance-dir-traversal(54261)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10520

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6657

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update17:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update18:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update19:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update20:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update21:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:openjdk:*:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:openjdk:*:*:*:*:*:*:*:*

AND

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20093728	V	CVE-2009-3728	2015-11-16
oval:org.mitre.oval:def:28898	P	RHSA-2009:1584 -- java-1.6.0-openjdk security update (Important)	2015-08-17
oval:org.mitre.oval:def:13907	P	USN-859-1 -- openjdk-6 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:22949	P	ELSA-2009:1560: java-1.6.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22979	P	ELSA-2009:1584: java-1.6.0-openjdk security update (Important)	2014-05-26
oval:org.mitre.oval:def:22032	P	ELSA-2009:1571: java-1.5.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:6657	V	OpenJDK ICC_Profile File Existence Detection Information Leak	2014-01-20
oval:org.mitre.oval:def:10520	V	Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.	2013-04-29
oval:com.redhat.rhsa:def:20091584	P	RHSA-2009:1584: java-1.6.0-openjdk security update (Important)	2009-11-16
oval:com.redhat.rhsa:def:20091571	P	RHSA-2009:1571: java-1.5.0-sun security update (Critical)	2009-11-10
oval:com.redhat.rhsa:def:20091560	P	RHSA-2009:1560: java-1.6.0-sun security update (Critical)	2009-11-09

BACK