CVE-2009-3880

medium

Description

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.

References

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

http://java.sun.com/javase/6/webnotes/6u17.html

https://bugzilla.redhat.com/show_bug.cgi?id=530296

http://secunia.com/advisories/37386

http://security.gentoo.org/glsa/glsa-200911-02.xml

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10761

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7316

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

Details

Published: 2009-11-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium