{"api_version":"1","generated_at":"2026-04-23T15:07:30+00:00","cve":"CVE-2009-3884","urls":{"html":"https://cve.report/CVE-2009-3884","api":"https://cve.report/api/cve/CVE-2009-3884.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-3884","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-3884"},"summary":{"title":"CVE-2009-3884","description":"The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.","state":"PUBLISHED","assigner":"redhat","published_at":"2009-11-09 19:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://support.apple.com/kb/HT3970","name":"http://support.apple.com/kb/HT3970","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of Java for Mac OS X 10.5 Update 6","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisories | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530300","name":"https://bugzilla.redhat.com/show_bug.cgi?id=530300","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Bug 530300 – CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://java.sun.com/javase/6/webnotes/6u17.html","name":"http://java.sun.com/javase/6/webnotes/6u17.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Java SE 6 Update 17 Release Notes.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html","name":"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"JDK 5.0u22 Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html","name":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APPLE-SA-2009-12-03-1 Java for Mac OS X 10.6 Update 1","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/37581","name":"http://secunia.com/advisories/37581","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Apple Mac OS X update for Java - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200911-02.xml","name":"http://security.gentoo.org/glsa/glsa-200911-02.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  Sun JDK/JRE: Multiple vulnerabilites","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/37386","name":"http://secunia.com/advisories/37386","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo updates for sun-jre-bin, sun-jdk, blackdown-jre, blackdown-jdk, and emul-linux-x86-java - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT3969","name":"http://support.apple.com/kb/HT3969","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of Java for Mac OS X 10.6 Update 1","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html","name":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APPLE-SA-2009-12-03-2 Java for Mac OS X 10.5 Update 6","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-3884","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3884","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_14","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_15","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_16","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_17","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_18","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_19","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_20","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.5.0","cpe7":"update_9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_14","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_15","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"1.6.0","cpe7":"update_9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"1.5.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"*","cpe7":"update_21","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"1.6.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jre","cpe6":"*","cpe7":"update_16","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"3884","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"openjdk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T06:45:50.924Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530300"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.apple.com/kb/HT3970"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.apple.com/kb/HT3969"},{"name":"GLSA-200911-02","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-200911-02.xml"},{"name":"APPLE-SA-2009-12-03-1","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"},{"name":"oval:org.mitre.oval:def:11686","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686"},{"name":"oval:org.mitre.oval:def:6960","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960"},{"name":"APPLE-SA-2009-12-03-2","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"},{"name":"37581","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37581"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://java.sun.com/javase/6/webnotes/6u17.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"},{"name":"MDVSA-2010:084","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"},{"name":"37386","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37386"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-11-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-18T12:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530300"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.apple.com/kb/HT3970"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.apple.com/kb/HT3969"},{"name":"GLSA-200911-02","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-200911-02.xml"},{"name":"APPLE-SA-2009-12-03-1","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"},{"name":"oval:org.mitre.oval:def:11686","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11686"},{"name":"oval:org.mitre.oval:def:6960","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6960"},{"name":"APPLE-SA-2009-12-03-2","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"},{"name":"37581","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37581"},{"tags":["x_refsource_CONFIRM"],"url":"http://java.sun.com/javase/6/webnotes/6u17.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"},{"name":"MDVSA-2010:084","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"},{"name":"37386","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37386"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2009-3884","datePublished":"2009-11-09T19:00:00.000Z","dateReserved":"2009-11-05T00:00:00.000Z","dateUpdated":"2024-08-07T06:45:50.924Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-11-09 19:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*","versionEndIncluding":"1.5.0","matchCriteriaId":"349EC26C-D1B9-44E4-A58E-E05326B7EC7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*","versionEndIncluding":"1.6.0","matchCriteriaId":"64DE1804-F822-4D0D-82A3-3B9DE1F3B0D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*","matchCriteriaId":"14E6127E-A40D-437D-B57B-0D7F57D08559"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*","matchCriteriaId":"28AE4411-45D1-4978-BA61-334AD04FF8FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*","matchCriteriaId":"479EB097-495A-4730-AF51-F2C0064EBA6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*","matchCriteriaId":"9B3E7C12-8D97-42CC-9B2B-A0AE3267DE69"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*","matchCriteriaId":"5024BE9F-CE32-4099-A646-F3EC5DB6F63C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*","matchCriteriaId":"DA9FB72A-C55F-4878-89D5-375FDA08163B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*","matchCriteriaId":"1CBC2A9C-9F21-4509-BA72-28B5DB16E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*","matchCriteriaId":"485F5ED3-062D-4A8E-AA34-9DC95D0D9646"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*","matchCriteriaId":"124364C5-0616-4C7A-A78F-08FABAA785CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*","matchCriteriaId":"A6BFFF1E-20D6-4508-9842-E7AB35F12B1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*","matchCriteriaId":"DB7307A5-6F20-44FD-9D09-8FB76E444500"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*","matchCriteriaId":"2E7F3992-0C15-4371-BE14-0D2046B3976E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*","matchCriteriaId":"0E45DE8A-477B-4BF7-893B-D11DDEE82E82"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*","matchCriteriaId":"D107CE0B-2EF2-4CF0-869E-3E27CBCA4997"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*","matchCriteriaId":"81DABB45-F39C-4BF4-8F2B-0CEE60A44C00"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*","matchCriteriaId":"CDDBD68A-771C-44FD-96A3-3AE189DE2591"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*","matchCriteriaId":"8FBD21F3-AC92-4154-948E-509FB8E097F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*","matchCriteriaId":"D91F9E0C-0A76-4DBC-A4E5-74E6682A5765"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*","matchCriteriaId":"86F7EF21-5395-4F1F-A15D-A1C7EDBFAB2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*","matchCriteriaId":"A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*","matchCriteriaId":"09027C19-D442-446F-B7A8-21DB6787CF43"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*","matchCriteriaId":"0A0FEC28-0707-4F42-9740-78F3D2D551EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*","matchCriteriaId":"C3C5879A-A608-4230-9DC1-C27F0F48A13B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*","matchCriteriaId":"0C71089A-BDDE-41FC-9DF9-9AEF4C2374DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*","matchCriteriaId":"2DBB6B73-8D6B-41FF-BEE0-E0C7F5F1EB41"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*","matchCriteriaId":"12A3B254-8580-45DB-BDE4-5B5A29CBFFB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*","matchCriteriaId":"1DB1DE6A-66AE-499B-AD92-9E6ACE474C6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*","matchCriteriaId":"7158D2C0-E9AC-4CD6-B777-EA7B7A181997"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*","matchCriteriaId":"90EC6C13-4B37-48E5-8199-A702A944D5A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*","matchCriteriaId":"2528152C-E20A-4D97-931C-A5EC3CEAA06D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*","matchCriteriaId":"A99DAB4C-272B-4C91-BC70-7729E1152590"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*","matchCriteriaId":"30DFC10A-A4D9-4F89-B17C-AB9260087D29"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*","matchCriteriaId":"272A5C44-18EC-41A9-8233-E9D4D0734EA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*","matchCriteriaId":"3DA21490-E253-4BDC-9BA8-5D068BE35189"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*","matchCriteriaId":"81C2C04D-D4BA-4C87-9609-C53AA63BFF19"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*","matchCriteriaId":"0E78309B-E13F-4B65-9F59-39A993B900AF"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"3884","Ordinal":"1","Title":"CVE-2009-3884","CVE":"CVE-2009-3884","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"3884","Ordinal":"1","NoteData":"The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.","Type":"Description","Title":"CVE-2009-3884"},{"CveYear":"2009","CveId":"3884","Ordinal":"2","NoteData":"2009-11-09","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"3884","Ordinal":"3","NoteData":"2017-09-18","Type":"Other","Title":"Modified"}]}}}