Definition


New Search

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17 and OpenJDK allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname aka Bug Id 6631533.

oval:org.mitre.oval:def:10520

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17 and OpenJDK allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname aka Bug Id 6631533.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
  • Oracle Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2009-3728
Product(s):