CVE-2009-3728

Priority
Low
Description
Directory traversal vulnerability in the ICC_Profile.getInstance method in
Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6
before Update 17, and OpenJDK, allows remote attackers to determine the
existence of local International Color Consortium (ICC) profile files via a
.. (dot dot) in a pathname, aka Bug Id 6631533.
References
Package
Upstream:released (6b17)
Package
Upstream:released (1.5.0-22)
Package
Upstream:released (6.17)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:36:57 UTC (commit 9756)