VYPR
Unrated severityNVD Advisory· Published Nov 9, 2009· Updated Jun 16, 2026

CVE-2009-3728

CVE-2009-3728

Description

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

41
  • Sun Corporation/Jre38 versions
    cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*+ 37 more
    • cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*
    • (no CPE)range: 5.0 < Update 22, 6 < Update 17
  • cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
  • Openjdk/OpenJDKllm-fuzzy
  • Range: 5.0 < Update 22, 6 < Update 17

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.