CVE-2009-3884

Name of the Vulnerable Software and Affected Versions Sun Java SE versions 5.0 before Update 22 Sun Java SE versions 6 before Update 17 OpenJDK (affected versions not specified)

Description The TimeZone.getTimeZone method allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files.

Recommendations For Sun Java SE versions 5.0 before Update 22, update to Update 22 or later. For Sun Java SE versions 6 before Update 17, update to Update 17 or later. For OpenJDK, at the moment, there is no information about a newer version that contains a fix for this issue.