Directory Traversal Vulnerability in Java Runtime Environment by Sun
CVE-2009-3728

Currently unrated

Key Information:

Vendor

Oracle
Status
Jre
Openjdk
Vendor
CVE Published:
9 November 2009

What is CVE-2009-3728?

A directory traversal vulnerability exists in the ICC_Profile.getInstance method of the Java Runtime Environment. This flaw allows remote attackers to exploit the system by manipulating pathname inputs, specifically using '..' sequences. This may result in unauthorized access to system resources, enabling attackers to determine the existence of sensitive local International Color Consortium (ICC) profile files, exposing potential information leaks. Proper validation and sanitization of input paths are essential to prevent such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://support.apple.com/kb/HT3970
x_refsource_CONFIRM
http://support.apple.com/kb/HT3969
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.