{"api_version":"1","generated_at":"2026-04-23T13:25:14+00:00","cve":"CVE-2009-3728","urls":{"html":"https://cve.report/CVE-2009-3728","api":"https://cve.report/api/cve/CVE-2009-3728.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-3728","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-3728"},"summary":{"title":"CVE-2009-3728","description":"Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.","state":"PUBLISHED","assigner":"redhat","published_at":"2009-11-09 19:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-22","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://support.apple.com/kb/HT3970","name":"http://support.apple.com/kb/HT3970","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of Java for Mac OS X 10.5 Update 6","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisories | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://java.sun.com/javase/6/webnotes/6u17.html","name":"http://java.sun.com/javase/6/webnotes/6u17.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Java SE 6 Update 17 Release Notes.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html","name":"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"JDK 5.0u22 Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html","name":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APPLE-SA-2009-12-03-1 Java for Mac OS X 10.6 Update 1","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530098","name":"https://bugzilla.redhat.com/show_bug.cgi?id=530098","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Bug 530098 – CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/37581","name":"http://secunia.com/advisories/37581","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Apple Mac OS X update for Java - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200911-02.xml","name":"http://security.gentoo.org/glsa/glsa-200911-02.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  Sun JDK/JRE: Multiple vulnerabilites","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/37386","name":"http://secunia.com/advisories/37386","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo updates for sun-jre-bin, sun-jdk, blackdown-jre, blackdown-jdk, and emul-linux-x86-java - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT3969","name":"http://support.apple.com/kb/HT3969","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of Java for Mac OS X 10.6 Update 1","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html","name":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APPLE-SA-2009-12-03-2 Java for Mac OS X 10.5 Update 6","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-3728","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3728","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update14","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update15","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update16","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update17","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update18","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update19","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update20","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update21","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update14","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update15","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update16","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3728","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"openjdk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T06:38:30.469Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"oval:org.mitre.oval:def:6657","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.apple.com/kb/HT3970"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.apple.com/kb/HT3969"},{"name":"GLSA-200911-02","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-200911-02.xml"},{"name":"oval:org.mitre.oval:def:10520","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520"},{"name":"APPLE-SA-2009-12-03-1","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"},{"name":"APPLE-SA-2009-12-03-2","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"},{"name":"37581","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37581"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://java.sun.com/javase/6/webnotes/6u17.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"},{"name":"MDVSA-2010:084","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"},{"name":"37386","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37386"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530098"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-11-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-18T12:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"oval:org.mitre.oval:def:6657","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6657"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.apple.com/kb/HT3970"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.apple.com/kb/HT3969"},{"name":"GLSA-200911-02","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-200911-02.xml"},{"name":"oval:org.mitre.oval:def:10520","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10520"},{"name":"APPLE-SA-2009-12-03-1","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"},{"name":"APPLE-SA-2009-12-03-2","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"},{"name":"37581","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37581"},{"tags":["x_refsource_CONFIRM"],"url":"http://java.sun.com/javase/6/webnotes/6u17.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"},{"name":"MDVSA-2010:084","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"},{"name":"37386","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37386"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530098"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2009-3728","datePublished":"2009-11-09T19:00:00.000Z","dateReserved":"2009-10-16T00:00:00.000Z","dateUpdated":"2024-08-07T06:38:30.469Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-11-09 19:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-22","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*","matchCriteriaId":"A7FC09E8-7F30-4FE4-912E-588AA250E2A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*","matchCriteriaId":"A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*","matchCriteriaId":"9919D091-73D7-465A-80FF-F37D6CAF9F46"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*","matchCriteriaId":"02565D6F-4CB2-4671-A4EF-3169BCFA6154"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*","matchCriteriaId":"452A3E51-9EAC-451D-BA04-A1E7B7D917EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*","matchCriteriaId":"3E8C6AAC-C90B-4220-A69B-2A886A35CF5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*","matchCriteriaId":"55231B6B-9298-4363-9B5A-14C2DA7B1F50"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*","matchCriteriaId":"E42CF0F7-418C-4BB6-9B73-FA3B9171D092"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*","matchCriteriaId":"A5467E9D-07D8-4BEB-84D5-A3136C133519"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*","matchCriteriaId":"B83B2CE1-45D7-47AD-BC0A-6EC74D5F8F5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*","matchCriteriaId":"8A32F326-EA92-43CD-930E-E527B60CDD3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*","matchCriteriaId":"7EA5B9E9-654D-44F7-AE98-3D8B382804AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*","matchCriteriaId":"04344167-530E-4A4D-90EF-74C684943DF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*","matchCriteriaId":"B0E0373B-201D-408F-9234-A7EFE8B4970D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*","matchCriteriaId":"44051CFE-D15D-4416-A123-F3E49C67A9E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*","matchCriteriaId":"F296ACF3-1373-429D-B991-8B5BA704A7EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*","matchCriteriaId":"B863420B-DE16-416A-9640-1A1340A9B855"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*","matchCriteriaId":"724C972F-74FE-4044-BBC4-7E0E61FC9002"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*","matchCriteriaId":"46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*","matchCriteriaId":"EBE909DE-E55A-4BD3-A5BF-ADE407432193"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*","matchCriteriaId":"5DAC04D2-68FD-4793-A8E7-4690A543D7D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*","matchCriteriaId":"09027C19-D442-446F-B7A8-21DB6787CF43"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*","matchCriteriaId":"7158D2C0-E9AC-4CD6-B777-EA7B7A181997"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*","matchCriteriaId":"90EC6C13-4B37-48E5-8199-A702A944D5A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*","matchCriteriaId":"B6339EF9-97AC-4675-9971-7435A4B31432"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*","matchCriteriaId":"6D1626F8-26F4-4EC5-A486-98808372425F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*","matchCriteriaId":"FA1BFE3B-3773-426B-9E69-250249E059C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*","matchCriteriaId":"46621D4B-CA2B-4EAC-884E-9CC9486F2F94"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*","matchCriteriaId":"37FED4C9-7501-4DF3-B05E-0B460CBB2D9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*","matchCriteriaId":"6958538A-0C2E-460F-A130-70515AFBB6A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*","matchCriteriaId":"ABB1D4B3-54E6-455D-9238-B185DB012A43"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*","matchCriteriaId":"360EF765-0C3A-4A13-9DA3-48928BB978E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*","matchCriteriaId":"FBE651B3-3320-48E7-BDD5-74D3C609162C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*","matchCriteriaId":"2F435AA3-B716-4B3B-8873-3646E18CA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*","matchCriteriaId":"4773DE1C-50EF-4561-B480-74C6BD64D449"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*","matchCriteriaId":"BB2B5C85-D6EE-4C0B-9228-A724D6C780C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*","matchCriteriaId":"60D59062-997B-44F1-95C6-619823F138A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*","matchCriteriaId":"0E78309B-E13F-4B65-9F59-39A993B900AF"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"3728","Ordinal":"1","Title":"CVE-2009-3728","CVE":"CVE-2009-3728","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"3728","Ordinal":"1","NoteData":"Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.","Type":"Description","Title":"CVE-2009-3728"},{"CveYear":"2009","CveId":"3728","Ordinal":"2","NoteData":"2009-11-09","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"3728","Ordinal":"3","NoteData":"2017-09-18","Type":"Other","Title":"Modified"}]}}}