FKIE_CVE-2009-3881

Vulnerability from fkie_nvd - Published: 2009-11-09 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.
References
secalert@redhat.comhttp://java.sun.com/j2se/1.5.0/ReleaseNotes.htmlVendor Advisory
secalert@redhat.comhttp://java.sun.com/javase/6/webnotes/6u17.htmlVendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37386
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200911-02.xml
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:084
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=530173
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906
af854a3a-2127-422b-91ae-364da2661108http://java.sun.com/j2se/1.5.0/ReleaseNotes.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://java.sun.com/javase/6/webnotes/6u17.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37386
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200911-02.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=530173
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906
Impacted products
Vendor Product Version
sun jre *
sun jre *
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun openjdk *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*",
              "matchCriteriaId": "349EC26C-D1B9-44E4-A58E-E05326B7EC7D",
              "versionEndIncluding": "1.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*",
              "matchCriteriaId": "64DE1804-F822-4D0D-82A3-3B9DE1F3B0D2",
              "versionEndIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "14E6127E-A40D-437D-B57B-0D7F57D08559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*",
              "matchCriteriaId": "28AE4411-45D1-4978-BA61-334AD04FF8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*",
              "matchCriteriaId": "479EB097-495A-4730-AF51-F2C0064EBA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*",
              "matchCriteriaId": "9B3E7C12-8D97-42CC-9B2B-A0AE3267DE69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*",
              "matchCriteriaId": "5024BE9F-CE32-4099-A646-F3EC5DB6F63C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*",
              "matchCriteriaId": "DA9FB72A-C55F-4878-89D5-375FDA08163B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*",
              "matchCriteriaId": "1CBC2A9C-9F21-4509-BA72-28B5DB16E55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*",
              "matchCriteriaId": "485F5ED3-062D-4A8E-AA34-9DC95D0D9646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*",
              "matchCriteriaId": "124364C5-0616-4C7A-A78F-08FABAA785CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*",
              "matchCriteriaId": "A6BFFF1E-20D6-4508-9842-E7AB35F12B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "DB7307A5-6F20-44FD-9D09-8FB76E444500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*",
              "matchCriteriaId": "2E7F3992-0C15-4371-BE14-0D2046B3976E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "0E45DE8A-477B-4BF7-893B-D11DDEE82E82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "D107CE0B-2EF2-4CF0-869E-3E27CBCA4997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "81DABB45-F39C-4BF4-8F2B-0CEE60A44C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "CDDBD68A-771C-44FD-96A3-3AE189DE2591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "8FBD21F3-AC92-4154-948E-509FB8E097F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "D91F9E0C-0A76-4DBC-A4E5-74E6682A5765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*",
              "matchCriteriaId": "86F7EF21-5395-4F1F-A15D-A1C7EDBFAB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*",
              "matchCriteriaId": "0A0FEC28-0707-4F42-9740-78F3D2D551EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*",
              "matchCriteriaId": "C3C5879A-A608-4230-9DC1-C27F0F48A13B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*",
              "matchCriteriaId": "0C71089A-BDDE-41FC-9DF9-9AEF4C2374DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*",
              "matchCriteriaId": "2DBB6B73-8D6B-41FF-BEE0-E0C7F5F1EB41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*",
              "matchCriteriaId": "12A3B254-8580-45DB-BDE4-5B5A29CBFFB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*",
              "matchCriteriaId": "1DB1DE6A-66AE-499B-AD92-9E6ACE474C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "7158D2C0-E9AC-4CD6-B777-EA7B7A181997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "90EC6C13-4B37-48E5-8199-A702A944D5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "2528152C-E20A-4D97-931C-A5EC3CEAA06D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "A99DAB4C-272B-4C91-BC70-7729E1152590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "30DFC10A-A4D9-4F89-B17C-AB9260087D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "272A5C44-18EC-41A9-8233-E9D4D0734EA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "3DA21490-E253-4BDC-9BA8-5D068BE35189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*",
              "matchCriteriaId": "81C2C04D-D4BA-4C87-9609-C53AA63BFF19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E78309B-E13F-4B65-9F59-39A993B900AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an \"information leak vulnerability,\" aka Bug Id 6636650."
    },
    {
      "lang": "es",
      "value": "Sun Java SE v5.0 anterior a Update 22 y 6 anterior a Update 17, y OpenJDK, no previene la existencia de procesos hijo en un ClassLoader resucitada, lo que permite a atacantes remotos obtener privilegios a trav\u00e9s de vectores no especificados, relacionado con una vulnerabilidad de debilidad de informaci\u00f3n., tambi\u00e9n conocido como Bug Id 6636650."
    }
  ],
  "id": "CVE-2009-3881",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-09T19:30:00.500",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530173"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.