1. Home
  2. CVE Database
  3. CVE-2009-3880
MEDIUM · 5.0

CVE-2009-3880

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to ...

Vulnerability Description

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
SunJre<= 1.5.0
SunOpenjdkAll versions

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2009-3880?

CVE-2009-3880 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to ...

How severe is CVE-2009-3880?

CVE-2009-3880 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3880?

Check the references section above for vendor advisories and patch information. Affected products include: Sun Jre, Sun Openjdk.