Vulnerability Name: | CVE-2009-3880 (CCN-54248)
Assigned: | 2009-11-03
Published: | 2009-11-03
Updated: | 2017-09-19
Summary: | The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-264
Vulnerability Consequences: | Obtain Information
References: |
Source: MITRE Type: CNA CVE-2009-3880
Source: CCN Type: Sun Microsystems Web site JDK 5.0 Update 22 Release Notes
Source: CONFIRM Type: Vendor Advisory http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
Source: CONFIRM Type: Vendor Advisory http://java.sun.com/javase/6/webnotes/6u17.html
Source: CCN Type: RHSA-2009-1560 Critical: java-1.6.0-sun security update
Source: CCN Type: RHSA-2009-1571 Critical: java-1.5.0-sun security update
Source: CCN Type: RHSA-2009-1584 Important: java-1.6.0-openjdk security update
Source: CCN Type: RHSA-2009-1662 Low: Red Hat Network Satellite Server Sun Java Runtime security update
Source: SECUNIA Type: UNKNOWN 37386
Source: GENTOO Type: UNKNOWN GLSA-200911-02
Source: MANDRIVA Type: UNKNOWN MDVSA-2010:084
Source: CCN Type: OSVDB ID: 59921 Sun Java SE JRE Abstract Window Toolkit (AWT) Logger Object Restriction Information Disclosure
Source: CCN Type: USN-859-1 OpenJDK vulnerabilities
Source: CCN Type: Red Hat Bugzilla Bug 530296 CVE-2009-3880 OpenJDK UI logging information leakage(6664512)
Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=530296
Source: XF Type: UNKNOWN java-awt-information-disclosure(54248)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10761
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:7316
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration CCN 1: Denotes that component is vulnerable