Home > Vulnerability Database > CVE-2009-3880

Mend.io Vulnerability Database

CVE-2009-3880

Date: November 9, 2009

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.

Severity Score

5.3

Related Resources (11)

Url: http://java.sun.com/javase/6/webnotes/6u17.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-3880

Url: http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7316

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10761

Url: http://security.gentoo.org/glsa/glsa-200911-02.xml

Url: http://secunia.com/advisories/37386

Url: https://bugzilla.redhat.com/show_bug.cgi?id=530296

Url: https://access.redhat.com/security/cve/CVE-2009-3880

Url: https://www.mend.io/vulnerability-database/CVE-2009-3880

Severity Score

5.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-3880

Date: November 9, 2009

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?