CVE-2009-3884 Information

Feb 14, 2021 cve

Description

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17 and OpenJDK allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files aka Bug Id 6824265.

Reference

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37581 http://security.gentoo.org/glsa/glsa-200911-02.xml http://support.apple.com/kb/HT3969 http://support.apple.com/kb/HT3970 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 https://bugzilla.redhat.com/show_bug.cgi?id=530300 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11686 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6960

Share on: