Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-3728

EPSS 0.49% · P65
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-3728

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sun Java SE和OpenJDK 模块"ICC_Profile.getInstance" 目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Solaris系统的Java运行时环境(JRE)为JAVA应用程序提供可靠的运行环境。 Sun Java SE和OpenJDK 模块"ICC_Profile.getInstance" 存在目录遍历漏洞,远程攻击者通过在pathname中加入..探测本地是否存在International Color Consortium (ICC)配置文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2009-3728

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2009-3728

Please Login to view more intelligence information

Same Patch Batch · n/a · 2009-11-09 · 24 CVEs total

CVE-2009-3911TFTgallery 'settings.php' 跨站脚本攻击漏洞
CVE-2009-3922Drupal User Protect 跨站请求伪造漏洞
CVE-2009-3921Drupal Smartqueue OG模块安全许可和信息泄露漏洞
CVE-2009-3920Drupal NGP COO/CWP Integration模块访问控制和信息泄露漏洞
CVE-2009-3919Drupal NGP COO/CWP Integration模块安全绕过和HTML注入漏洞
CVE-2009-3918Drupal Zoomify模块HTML注入漏洞
CVE-2009-3917Drupal S5 Presentation Player模块HTML注入漏洞
CVE-2009-3916Drupal Node Hierarchy模块跨站脚本漏洞
CVE-2009-3915Drupal Link模块跨站脚本攻击漏洞
CVE-2009-3914Drupal Temporary Invitation模块跨站脚本漏洞
CVE-2009-3913Xerox Fiery WebTools 'summary.php' SQL注入漏洞
CVE-2009-3912TFTgallery 'index.php' 目录遍历漏洞
CVE-2009-3726Linux kernel 资源管理错误漏洞
CVE-2009-3555Apache HTTP Server 信任管理问题漏洞
CVE-2009-3886Sun Java SE "Java Web Start"应用未明安全漏洞
CVE-2009-3885Sun Java SE "BMP"方法 拒绝服务攻击漏洞
CVE-2009-3884Sun Java SE和OpenJDK 方法"TimeZone.getTimeZone" 信息泄露漏洞
CVE-2009-3883Sun Java SE和OpenJDK 特征"PL&F" 多个未明安全漏洞
CVE-2009-3882Sun Java SE和OpenJDK 应用"Swing" 多个未明安全漏洞
CVE-2009-3881Sun Java SE和OpenJDK "ClassLoader" 权限获得和信息泄露漏洞

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2009-3728

No comments yet

Leave a comment