The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
http://java.sun.com/javase/6/webnotes/6u17.html
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
http://secunia.com/advisories/37386
http://secunia.com/advisories/37581
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://support.apple.com/kb/HT3969
http://support.apple.com/kb/HT3970
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
https://bugzilla.redhat.com/show_bug.cgi?id=530300
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960
Source: MITRE
Published: 2009-11-09
Updated: 2017-09-19
Type: NVD-CWE-Other
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
OR
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:* versions up to 1.5.0 (inclusive)
cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89736 | VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check) | Nessus | VMware ESX Local Security Checks | critical |
67960 | Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1584) | Nessus | Oracle Linux Local Security Checks | critical |
67075 | CentOS 5 : java-1.6.0-openjdk (CESA-2009:1584) | Nessus | CentOS Local Security Checks | critical |
64831 | Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix) | Nessus | Misc. | high |
60691 | Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
53539 | RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662) | Nessus | Red Hat Local Security Checks | critical |
46176 | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084) | Nessus | Mandriva Local Security Checks | high |
45386 | VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE | Nessus | VMware ESX Local Security Checks | critical |
43003 | Mac OS X : Java for Mac OS X 10.6 Update 1 | Nessus | MacOS X Local Security Checks | high |
43002 | Mac OS X : Java for Mac OS X 10.5 Update 6 | Nessus | MacOS X Local Security Checks | high |
42926 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613) | Nessus | SuSE Local Security Checks | high |
42923 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613) | Nessus | SuSE Local Security Checks | high |
42921 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613) | Nessus | SuSE Local Security Checks | high |
42834 | GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
42828 | RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1584) | Nessus | Red Hat Local Security Checks | critical |
42817 | Ubuntu 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-859-1) | Nessus | Ubuntu Local Security Checks | critical |
42806 | Fedora 10 : java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 (2009-11490) | Nessus | Fedora Local Security Checks | high |
42805 | Fedora 12 : java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 (2009-11489) | Nessus | Fedora Local Security Checks | high |
42802 | Fedora 11 : java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 (2009-11486) | Nessus | Fedora Local Security Checks | high |
42455 | RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571) | Nessus | Red Hat Local Security Checks | critical |
42431 | RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1560) | Nessus | Red Hat Local Security Checks | critical |
42373 | Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..) | Nessus | Windows | high |