Information Leak in Sun Java SE and OpenJDK Products
CVE-2009-3881

Currently unrated

Key Information:

Vendor: Oracle
Status: Jre; Openjdk
Vendor: CVE Published:; 9 November 2009

Summary

An information leak vulnerability exists in Sun Java SE versions 5.0 prior to Update 22 and 6 prior to Update 17, as well as in OpenJDK. This flaw stems from the inability to prevent the existence of child ClassLoader instances after they have been resurrected, which could potentially allow remote attackers to exploit this oversight. The implications include gaining unauthorized privileges through unspecified vectors, exposing a significant risk to affected systems.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://bugzilla.redhat.com/show_bug.cgi?id=530173

x_refsource_CONFIRM

http://security.gentoo.org/glsa/glsa-200911-02.xml

vendor-advisoryx_refsource_GENTOO

Timeline

Vulnerability published
Nov 9, 2009
Vulnerability Reserved
Nov 5, 2009