CVE-2009-3728 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 64%

Affected Products (NVD)

Vendor	Product	Version
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	openjdk	*

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

openjdk-6

dapper	dne
hardy	Fixed 6b18-1.8.2-4ubuntu1~8.04.1 released
intrepid	Fixed 6b12-0ubuntu6.6 released
jaunty	Fixed 6b14-1.4.1-0ubuntu12 released
karmic	Fixed 6b16-1.6.1-3ubuntu1 released
lucid	not-affected
maverick	not-affected

sun-java5

dapper	ignored
gutsy	ignored
hardy	not-affected
intrepid	ignored
jaunty	ignored
karmic	dne
lucid	dne
maverick	dne

sun-java6

dapper	dne
hardy	Fixed 6.20dlj-0ubuntu1.8.04 released
intrepid	ignored
jaunty	Fixed 6.20dlj-0ubuntu1.9.04 released
karmic	Fixed 6.20dlj-0ubuntu1.9.10 released
lucid	Fixed 6.20dlj-1ubuntu3 released
maverick	not-affected

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

http://java.sun.com/javase/6/webnotes/6u17.html

http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html

http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html

http://secunia.com/advisories/37386

http://secunia.com/advisories/37581

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://support.apple.com/kb/HT3969

http://support.apple.com/kb/HT3970

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

https://bugzilla.redhat.com/show_bug.cgi?id=530098

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

http://java.sun.com/javase/6/webnotes/6u17.html

http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html

http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html

http://secunia.com/advisories/37386

http://secunia.com/advisories/37581

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://support.apple.com/kb/HT3969

http://support.apple.com/kb/HT3970

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

https://bugzilla.redhat.com/show_bug.cgi?id=530098

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657