Vulnerability Details CVE-2009-3881
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
- http://java.sun.com/javase/6/webnotes/6u17.html
- http://secunia.com/advisories/37386
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
- https://bugzilla.redhat.com/show_bug.cgi?id=530173
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
- http://java.sun.com/javase/6/webnotes/6u17.html
- http://secunia.com/advisories/37386
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
- https://bugzilla.redhat.com/show_bug.cgi?id=530173
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906