CVE-2009-3880

Published: 11/9/2009 Last updated: 8/7/2024 Reserved: 11/5/2009

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

conf-openjdk

Products affected (1)

Product	Vendor	Version
n/a	n/a	MDM9628

References (16)

https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7316
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10761
http://security.gentoo.org/glsa/glsa-200911-02.xml
https://bugzilla.redhat.com/show_bug.cgi?id=530296
http://java.sun.com/javase/6/webnotes/6u17.html
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
http://secunia.com/advisories/37386
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7316
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10761
http://security.gentoo.org/glsa/glsa-200911-02.xml
https://bugzilla.redhat.com/show_bug.cgi?id=530296
http://java.sun.com/javase/6/webnotes/6u17.html
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
http://secunia.com/advisories/37386