CVE-2009-3884

Currently unrated

Key Information:

Vendor: Oracle
Status: Jre; Openjdk
Vendor: CVE Published:; 9 November 2009

Summary

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.

References

https://bugzilla.redhat.com/show_bug.cgi?id=530300

x_refsource_CONFIRM

http://support.apple.com/kb/HT3970

x_refsource_CONFIRM

http://support.apple.com/kb/HT3969

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 9, 2009
Vulnerability Reserved
Nov 5, 2009