Published: 25/03/2009 Updated: 10/10/2018

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote malicious users to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun jdk 1.6.0
sun jre 1.6.0

Synopsis Critical: java-160-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...

Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...

Synopsis Critical: java-150-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-150-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...

Synopsis Low: Red Hat Network Satellite Server IBM Java Runtime security update Type/Severity Security Advisory: Low Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Network Satellite Server 53This update has been rated as having low security impact by th ...

CWE-20 http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1 http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm http://www.redhat.com/support/errata/RHSA-2009-0392.html http://www.securityfocus.com/bid/34240 http://www.securitytracker.com/id?1021920 http://secunia.com/advisories/34496 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html http://www.redhat.com/support/errata/RHSA-2009-1038.html http://secunia.com/advisories/35156 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://secunia.com/advisories/35255 http://www.vupen.com/english/advisories/2009/1426 http://marc.info/?l=bugtraq&m=124344236532162&w=2 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html https://rhn.redhat.com/errata/RHSA-2009-1198.html http://secunia.com/advisories/36185 http://security.gentoo.org/glsa/glsa-200911-02.xml http://secunia.com/advisories/37460 http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 http://secunia.com/advisories/37386 https://exchange.xforce.ibmcloud.com/vulnerabilities/49459 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619 http://www.securityfocus.com/archive/1/507985/100/0/threaded https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2009:1198

CVE-2009-1106

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect