Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-3880

EPSS 0.48% · P65
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-3880

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sun Java SE和OpenJDK "Abstract Window Toolkit (AWT)" 访问控制和信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Solaris系统的Java运行时环境(JRE)为JAVA应用程序提供可靠的运行环境。 Sun Java SE和OpenJDK "Abstract Window Toolkit (AWT)" 存在访问控制和信息泄露漏洞,系统由于没有限制对日志对象的访问限制,远程攻击者通过与Component, KeyboardFocusManager, 和DefaultKeyboardFocusManager应用相关的向量获得系统敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2009-3880

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2009-3880

Please Login to view more intelligence information

Same Patch Batch · n/a · 2009-11-09 · 24 CVEs total

CVE-2009-3911TFTgallery 'settings.php' 跨站脚本攻击漏洞
CVE-2009-3922Drupal User Protect 跨站请求伪造漏洞
CVE-2009-3921Drupal Smartqueue OG模块安全许可和信息泄露漏洞
CVE-2009-3920Drupal NGP COO/CWP Integration模块访问控制和信息泄露漏洞
CVE-2009-3919Drupal NGP COO/CWP Integration模块安全绕过和HTML注入漏洞
CVE-2009-3918Drupal Zoomify模块HTML注入漏洞
CVE-2009-3917Drupal S5 Presentation Player模块HTML注入漏洞
CVE-2009-3916Drupal Node Hierarchy模块跨站脚本漏洞
CVE-2009-3915Drupal Link模块跨站脚本攻击漏洞
CVE-2009-3914Drupal Temporary Invitation模块跨站脚本漏洞
CVE-2009-3913Xerox Fiery WebTools 'summary.php' SQL注入漏洞
CVE-2009-3912TFTgallery 'index.php' 目录遍历漏洞
CVE-2009-3726Linux kernel 资源管理错误漏洞
CVE-2009-3555Apache HTTP Server 信任管理问题漏洞
CVE-2009-3886Sun Java SE "Java Web Start"应用未明安全漏洞
CVE-2009-3885Sun Java SE "BMP"方法 拒绝服务攻击漏洞
CVE-2009-3884Sun Java SE和OpenJDK 方法"TimeZone.getTimeZone" 信息泄露漏洞
CVE-2009-3883Sun Java SE和OpenJDK 特征"PL&F" 多个未明安全漏洞
CVE-2009-3882Sun Java SE和OpenJDK 应用"Swing" 多个未明安全漏洞
CVE-2009-3881Sun Java SE和OpenJDK "ClassLoader" 权限获得和信息泄露漏洞

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2009-3880

No comments yet

Leave a comment