Definition


New Search

OpenJDK Zoneinfo File Existence Information Leak

oval:org.mitre.oval:def:6960

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17 and OpenJDK allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files aka Bug Id 6824265.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 4.0
Class:
vulnerability
Reference(s):
  • CVE-2009-3884
Product(s):