6.4
CVSSv2

CVE-2009-1106

Published: 25/03/2009 Updated: 10/10/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote malicious users to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.

Vulnerable Product Search on Vulmon Subscribe to Product

sun jdk 1.6.0

sun jre 1.6.0

Vendor Advisories

Synopsis Critical: java-150-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-150-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...
Synopsis Critical: java-160-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...
Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...

References

CWE-20http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.htmlhttp://marc.info/?l=bugtraq&m=124344236532162&w=2http://secunia.com/advisories/34496http://secunia.com/advisories/35156http://secunia.com/advisories/35255http://secunia.com/advisories/36185http://secunia.com/advisories/37386http://secunia.com/advisories/37460http://security.gentoo.org/glsa/glsa-200911-02.xmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1http://support.avaya.com/elmodocs2/security/ASA-2009-108.htmhttp://www.redhat.com/support/errata/RHSA-2009-0392.htmlhttp://www.redhat.com/support/errata/RHSA-2009-1038.htmlhttp://www.securityfocus.com/archive/1/507985/100/0/threadedhttp://www.securityfocus.com/bid/34240http://www.securitytracker.com/id?1021920http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlhttp://www.vupen.com/english/advisories/2009/1426http://www.vupen.com/english/advisories/2009/3316https://exchange.xforce.ibmcloud.com/vulnerabilities/49459https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619https://rhn.redhat.com/errata/RHSA-2009-1198.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=17885https://nvd.nist.govhttps://www.rapid7.com/db/vulnerabilities/vmsa-2009-0016-5-jre-security-update-cve-2009-1104