CVE-2009-3880
Sun Java SE <5.0 Update 22 & <6 Update 17 - Info Disclosure
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
References (8)
Core References
Third Party Advisory (vendor-advisory, x_refsource_gentoo): http://security.gentoo.org/glsa/glsa-200911-02.xml
Third Party Advisory, VDB Entry (vdb-entry, signature, x_refsource_oval): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7316
Third Party Advisory, VDB Entry (vdb-entry, signature, x_refsource_oval): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10761
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=530296
Vendor Advisory (x_refsource_confirm): http://java.sun.com/javase/6/webnotes/6u17.html
Vendor Advisory (x_refsource_confirm): http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/37386
Scores
EPSS: 0.0048
EPSS Percentile: 65.5%
Details
CWE: CWE-264
Status: published
Products (5)
sun/jre 1.5.0 update_1 (20 CPE variants)
sun/jre 1.6.0 update_1 (15 CPE variants)
sun/jre < 1.5.0
sun/jre < 1.6.0
sun/openjdk
Published: Nov 09, 2009
Tracked Since: Feb 18, 2026