PT-2009-5983 · Oracle+1 · Java Runtime Environment+2
Marc Schoenefeld · Published 2009-11-09 · Updated 2018-10-30 · CVE-2009-3728
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Java Runtime Environment (JRE) versions 5.0 before Update 22
Java Runtime Environment (JRE) versions 6 before Update 17
OpenJDK (affected versions not specified)
Description
A directory traversal issue exists in the ICC_Profile.getInstance method, allowing remote attackers to determine the existence of local International Color Consortium (ICC) profile files by using a .. (dot dot) in a pathname.
Recommendations
For Java Runtime Environment (JRE) versions 5.0 before Update 22, update to version 5.0 Update 22 or later.
For Java Runtime Environment (JRE) versions 6 before Update 17, update to version 6 Update 17 or later.
For OpenJDK, at the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Path traversal
Affected Products
Java Runtime Environment
OpenJDK
Red Hat