CVE-2009-3728

MEDIUM

Description

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.

ID	Name	Product	Family	Severity
89736	VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)	Nessus	VMware ESX Local Security Checks	critical
67960	Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1584)	Nessus	Oracle Linux Local Security Checks	critical
67075	CentOS 5 : java-1.6.0-openjdk (CESA-2009:1584)	Nessus	CentOS Local Security Checks	critical
64831	Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix)	Nessus	Misc.	high
60691	Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
53539	RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662)	Nessus	Red Hat Local Security Checks	critical
46176	Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084)	Nessus	Mandriva Local Security Checks	high
45386	VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE	Nessus	VMware ESX Local Security Checks	critical
43003	Mac OS X : Java for Mac OS X 10.6 Update 1	Nessus	MacOS X Local Security Checks	high
43002	Mac OS X : Java for Mac OS X 10.5 Update 6	Nessus	MacOS X Local Security Checks	high
42926	openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)	Nessus	SuSE Local Security Checks	high
42923	openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)	Nessus	SuSE Local Security Checks	high
42921	openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)	Nessus	SuSE Local Security Checks	high
42834	GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
42828	RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1584)	Nessus	Red Hat Local Security Checks	critical
42817	Ubuntu 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-859-1)	Nessus	Ubuntu Local Security Checks	critical
42806	Fedora 10 : java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 (2009-11490)	Nessus	Fedora Local Security Checks	high
42805	Fedora 12 : java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 (2009-11489)	Nessus	Fedora Local Security Checks	high
42802	Fedora 11 : java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 (2009-11486)	Nessus	Fedora Local Security Checks	high
42455	RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571)	Nessus	Red Hat Local Security Checks	critical
42431	RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1560)	Nessus	Red Hat Local Security Checks	critical
42373	Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..)	Nessus	Windows	high

CVE-2009-3728

Description

References

Details

Risk Information

CVSS v2.0