CVE-2009-3880
First published: Thu Oct 22 2009(Updated: )
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun Java Runtime Environment (JRE) | <=1.5.0 | |
| Sun Java Runtime Environment (JRE) | <=1.6.0 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_1 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_11 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_12 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_13 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_14 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_15 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_16 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_17 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_18 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_19 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_2 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_20 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_3 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_4 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_5 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_6 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_7 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_8 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_9 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update10 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_1 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_10 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_11 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_12 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_13 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_14 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_15 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_2 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_3 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_4 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_5 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_6 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_7 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_8 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_9 | |
| OpenJDK 1.7.0 Headless |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=530296
- http://java.sun.com/javase/6/webnotes/6u17.html
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://secunia.com/advisories/37386
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7316
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10761
- https://rhn.redhat.com/errata/RHSA-2009-1560.html
- https://rhn.redhat.com/errata/RHSA-2009-1571.html
- http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-33.b16.fc12
- http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-23.b16.fc10
- http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-30.b16.fc11
- https://rhn.redhat.com/errata/RHSA-2009-1584.html
- https://rhn.redhat.com/errata/RHSA-2009-1662.html
Frequently Asked Questions
What is the severity of CVE-2009-3880?
CVE-2009-3880 is rated as a medium severity vulnerability.
How do I fix CVE-2009-3880?
To fix CVE-2009-3880, you should upgrade to Java Runtime Environment 5.0 Update 22 or later, or 6 Update 17 or later.
What systems are affected by CVE-2009-3880?
CVE-2009-3880 affects multiple versions of Sun Java SE 5.0 and 6, along with OpenJDK.
What type of vulnerability is CVE-2009-3880?
CVE-2009-3880 is an information disclosure vulnerability in the Abstract Window Toolkit (AWT) of Java.
Can CVE-2009-3880 lead to data breaches?
Yes, CVE-2009-3880 can potentially allow attackers to gain access to sensitive information, leading to data breaches.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3880
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sun
- canonical/sun java runtime environment (jre)
- version/sun java runtime environment (jre)/1.5.0
- version/sun java runtime environment (jre)/1.6.0
- version/sun java runtime environment (jre)/1.5.0-update_1
- version/sun java runtime environment (jre)/1.5.0-update_11
- version/sun java runtime environment (jre)/1.5.0-update_12
- version/sun java runtime environment (jre)/1.5.0-update_13
- version/sun java runtime environment (jre)/1.5.0-update_14
- version/sun java runtime environment (jre)/1.5.0-update_15
- version/sun java runtime environment (jre)/1.5.0-update_16
- version/sun java runtime environment (jre)/1.5.0-update_17
- version/sun java runtime environment (jre)/1.5.0-update_18
- version/sun java runtime environment (jre)/1.5.0-update_19
- version/sun java runtime environment (jre)/1.5.0-update_2
- version/sun java runtime environment (jre)/1.5.0-update_20
- version/sun java runtime environment (jre)/1.5.0-update_3
- version/sun java runtime environment (jre)/1.5.0-update_4
- version/sun java runtime environment (jre)/1.5.0-update_5
- version/sun java runtime environment (jre)/1.5.0-update_6
- version/sun java runtime environment (jre)/1.5.0-update_7
- version/sun java runtime environment (jre)/1.5.0-update_8
- version/sun java runtime environment (jre)/1.5.0-update_9
- version/sun java runtime environment (jre)/1.5.0-update10
- version/sun java runtime environment (jre)/1.6.0-update_1
- version/sun java runtime environment (jre)/1.6.0-update_10
- version/sun java runtime environment (jre)/1.6.0-update_11
- version/sun java runtime environment (jre)/1.6.0-update_12
- version/sun java runtime environment (jre)/1.6.0-update_13
- version/sun java runtime environment (jre)/1.6.0-update_14
- version/sun java runtime environment (jre)/1.6.0-update_15
- version/sun java runtime environment (jre)/1.6.0-update_2
- version/sun java runtime environment (jre)/1.6.0-update_3
- version/sun java runtime environment (jre)/1.6.0-update_4
- version/sun java runtime environment (jre)/1.6.0-update_5
- version/sun java runtime environment (jre)/1.6.0-update_6
- version/sun java runtime environment (jre)/1.6.0-update_7
- version/sun java runtime environment (jre)/1.6.0-update_8
- version/sun java runtime environment (jre)/1.6.0-update_9
- canonical/openjdk 1.7.0 headless