VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Nov 9, 2009· Updated Apr 23, 2026

CVE-2009-3884

CVE-2009-3884

Description

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.

Affected products

38
  • Sun Corporation/Jre37 versions
    cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*+ 36 more
    • cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*range: <=1.5.0
  • Sun Corporation/Openjdk
    cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

13

News mentions

0

No linked articles in our index yet.