Directory Traversal Vulnerability in Java Runtime Environment by Sun
CVE-2009-3728
Currently unrated
Summary
A directory traversal vulnerability exists in the ICC_Profile.getInstance method of the Java Runtime Environment. Remote attackers can exploit it by supplying pathname input that contains '..' sequences. This may result in unauthorized access to system resources: attackers can determine whether sensitive local International Color Consortium (ICC) profile files exist, which is a potential information leak. Proper validation and sanitization of input paths are essential to prevent such vulnerabilities.
References
Timeline
Vulnerability published
Vulnerability Reserved