Description
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
References (13)
Core 13
Core References
Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=530300
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3970
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3969
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200911-02.xml
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37581
Vendor Advisory x_refsource_confirm
http://java.sun.com/javase/6/webnotes/6u17.html
Vendor Advisory x_refsource_confirm
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37386
Scores
EPSS
0.0135
EPSS Percentile
80.3%
Details
Status
published
Products (5)
sun/jre
1.5.0 update_1 (20 CPE variants)
sun/jre
1.6.0 update_1 (15 CPE variants)
sun/jre
< 1.5.0
sun/jre
< 1.6.0
sun/openjdk
Published
Nov 09, 2009
Tracked Since
Feb 18, 2026