Vulnerability Name: CVE-2009-3881 (CCN-54232)
Assigned: 2009-11-03
Published: 2009-11-03
Updated: 2017-09-19
Summary: Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.
CVSS v3 Severity:
  4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-200
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2009-3881
  Source: CCN Type: Sun Microsystems Web site JDK 5.0 Update 22 Release Notes
  Source: CONFIRM Type: Vendor Advisory http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
  Source: CONFIRM Type: Vendor Advisory http://java.sun.com/javase/6/webnotes/6u17.html
  Source: CCN Type: RHSA-2009-1560 Critical: java-1.6.0-sun security update
  Source: CCN Type: RHSA-2009-1571 Critical: java-1.5.0-sun security update
  Source: CCN Type: RHSA-2009-1584 Important: java-1.6.0-openjdk security update
  Source: CCN Type: RHSA-2009-1662 Low: Red Hat Network Satellite Server Sun Java Runtime security update
  Source: SECUNIA Type: UNKNOWN 37386
  Source: GENTOO Type: UNKNOWN GLSA-200911-02
  Source: MANDRIVA Type: UNKNOWN MDVSA-2010:084
  Source: CCN Type: OSVDB ID: 59917 Sun Java SE Resurrected ClassLoader Children Handling Unspecified Remote Privilege Escalation
  Source: CCN Type: USN-859-1 OpenJDK vulnerabilities
  Source: CCN Type: Red Hat Bugzilla Bug 530173 CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650)
  Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=530173
  Source: XF Type: UNKNOWN java-classloader-priv-escalation(54232)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11484
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6906
Vulnerable Configuration:
  Configuration 1:
  Configuration RedHat 1:
  Configuration RedHat 2:
  Configuration RedHat 3:
  Configuration CCN 1:
  Denotes that component is vulnerable