Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2009-3728

Published

14 years ago

Last Modified

5 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533..

CVSSv2.0 Score

Severity: Medium
Base Score: 5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:sun:jre:1.6.0:update_3::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update8::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update18::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update2::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update16::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update_1::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update13::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update_2::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update11::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update12::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update8::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update16::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update14::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update21::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update5::::::	Yes	-	-
cpe:2.3:a:sun:openjdk::::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update11::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update15::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update7::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update10::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update7::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update9::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update3::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update20::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update5::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update14::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update6::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update6::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update9::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update1::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update4::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update19::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update10::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update12::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update4::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update15::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.6.0:update13::::::	Yes	-	-
cpe:2.3:a:sun:jre:1.5.0:update17::::::	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2009-3728

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2009-3728

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References