CVE-2009-3880
Last modified
CVE-2009-3880 is a vulnerability of currently unknown severity. The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.. EPSS estimates a 1.79% chance of exploitation in the next 30 days.
Description
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Sun | Jre | <= 1.5.0 | Update 21 |
| Sun | Jre | <= 1.6.0 | Update 16 |
| Sun | Jre | 1.5.0 | Update 1 |
| Sun | Jre | 1.6.0 | Update 1 |
| Sun | Openjdk | All versions | — |
References
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.htmlVendor Advisory
- http://java.sun.com/javase/6/webnotes/6u17.htmlVendor Advisory
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.htmlVendor Advisory
- http://java.sun.com/javase/6/webnotes/6u17.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-3880?
How severe is CVE-2009-3880?
How do I fix CVE-2009-3880?
Are you affected by CVE-2009-3880?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST