CVE-2009-3880

Name of the Vulnerable Software and Affected Versions Java Runtime Environment (JRE) versions 5.0 through 5.0 Update 21 Java Runtime Environment (JRE) versions 6 through 6 Update 16 OpenJDK (affected versions not specified)

Description The issue is related to the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE), which does not properly restrict the objects that may be sent to loggers. This allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager.

Recommendations For Java Runtime Environment (JRE) versions 5.0 through 5.0 Update 21, update to version 5.0 Update 22 or later. For Java Runtime Environment (JRE) versions 6 through 6 Update 16, update to version 6 Update 17 or later. For OpenJDK, at the moment, there is no information about a newer version that contains a fix for this issue.