mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
377 lines
14 KiB
JSON
377 lines
14 KiB
JSON
{
|
|
"id": "CVE-2009-3728",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2009-11-09T19:30:00.390",
|
|
"lastModified": "2024-11-21T01:08:04.047",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de salto de directorio en el m\u00e9todo ICC_Profile.getInstance en Java Runtime Environment (JRE) en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17, y OpenJDK, permite a atacantes remotos saber que existen perfiles locales de color del consorcio internacional del color (IIC) a trav\u00e9s de .. (punto punto) en el path, tambi\u00e9n conocido como Bug Id 6631533."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"baseScore": 5.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A7FC09E8-7F30-4FE4-912E-588AA250E2A3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9919D091-73D7-465A-80FF-F37D6CAF9F46"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*",
|
|
"matchCriteriaId": "02565D6F-4CB2-4671-A4EF-3169BCFA6154"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*",
|
|
"matchCriteriaId": "452A3E51-9EAC-451D-BA04-A1E7B7D917EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3E8C6AAC-C90B-4220-A69B-2A886A35CF5D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*",
|
|
"matchCriteriaId": "55231B6B-9298-4363-9B5A-14C2DA7B1F50"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E42CF0F7-418C-4BB6-9B73-FA3B9171D092"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A5467E9D-07D8-4BEB-84D5-A3136C133519"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B83B2CE1-45D7-47AD-BC0A-6EC74D5F8F5A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8A32F326-EA92-43CD-930E-E527B60CDD3B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7EA5B9E9-654D-44F7-AE98-3D8B382804AC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*",
|
|
"matchCriteriaId": "04344167-530E-4A4D-90EF-74C684943DF1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B0E0373B-201D-408F-9234-A7EFE8B4970D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "44051CFE-D15D-4416-A123-F3E49C67A9E7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F296ACF3-1373-429D-B991-8B5BA704A7EF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B863420B-DE16-416A-9640-1A1340A9B855"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "724C972F-74FE-4044-BBC4-7E0E61FC9002"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*",
|
|
"matchCriteriaId": "46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EBE909DE-E55A-4BD3-A5BF-ADE407432193"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5DAC04D2-68FD-4793-A8E7-4690A543D7D4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7158D2C0-E9AC-4CD6-B777-EA7B7A181997"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "90EC6C13-4B37-48E5-8199-A702A944D5A6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B6339EF9-97AC-4675-9971-7435A4B31432"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6D1626F8-26F4-4EC5-A486-98808372425F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FA1BFE3B-3773-426B-9E69-250249E059C7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*",
|
|
"matchCriteriaId": "46621D4B-CA2B-4EAC-884E-9CC9486F2F94"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*",
|
|
"matchCriteriaId": "37FED4C9-7501-4DF3-B05E-0B460CBB2D9E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6958538A-0C2E-460F-A130-70515AFBB6A5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ABB1D4B3-54E6-455D-9238-B185DB012A43"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "360EF765-0C3A-4A13-9DA3-48928BB978E6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FBE651B3-3320-48E7-BDD5-74D3C609162C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2F435AA3-B716-4B3B-8873-3646E18CA600"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4773DE1C-50EF-4561-B480-74C6BD64D449"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BB2B5C85-D6EE-4C0B-9228-A724D6C780C9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*",
|
|
"matchCriteriaId": "60D59062-997B-44F1-95C6-619823F138A7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0E78309B-E13F-4B65-9F59-39A993B900AF"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://java.sun.com/javase/6/webnotes/6u17.html",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/37386",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/37581",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://support.apple.com/kb/HT3969",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://support.apple.com/kb/HT3970",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=530098",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://java.sun.com/javase/6/webnotes/6u17.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/37386",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/37581",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://support.apple.com/kb/HT3969",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://support.apple.com/kb/HT3970",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=530098",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |