VYPR
Unrated severityNVD Advisory· Published Nov 9, 2009· Updated Jun 16, 2026

CVE-2009-3884

CVE-2009-3884

Description

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

40
  • Sun Corporation/Jre37 versions
    cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*+ 36 more
    • cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*range: <=1.5.0
  • cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
  • Openjdk/OpenJDKllm-fuzzy
  • Range: 5.0 < Update 22; 6 < Update 17

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.