CVE - CVE-2009-3728

CVE-ID
CVE-2009-3728	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:37386 URL:http://secunia.com/advisories/37386 MISC:37581 URL:http://secunia.com/advisories/37581 MISC:APPLE-SA-2009-12-03-1 URL:http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html MISC:APPLE-SA-2009-12-03-2 URL:http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html MISC:GLSA-200911-02 URL:http://security.gentoo.org/glsa/glsa-200911-02.xml MISC:MDVSA-2010:084 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:084~~ (Obsolete source) MISC:http://java.sun.com/j2se/1.5.0/ReleaseNotes.html URL:http://java.sun.com/j2se/1.5.0/ReleaseNotes.html MISC:http://java.sun.com/javase/6/webnotes/6u17.html URL:http://java.sun.com/javase/6/webnotes/6u17.html MISC:http://support.apple.com/kb/HT3969 URL:http://support.apple.com/kb/HT3969 MISC:http://support.apple.com/kb/HT3970 URL:http://support.apple.com/kb/HT3970 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=530098 URL:https://bugzilla.redhat.com/show_bug.cgi?id=530098 MISC:oval:org.mitre.oval:def:10520 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520 MISC:oval:org.mitre.oval:def:6657 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657
Assigning CNA
Red Hat, Inc.
Date Record Created
20091016	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091016)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)