CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
81.0%
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
Vendor | Product | Version | CPE |
---|---|---|---|
sun | jdk | 1.6.0 | cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:* |
sun | jdk | 1.6.0 | cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:* |
sun | jdk | 1.6.0 | cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:* |
sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:* |
sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:* |
sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:* |
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
marc.info/?l=bugtraq&m=124344236532162&w=2
secunia.com/advisories/34496
secunia.com/advisories/35156
secunia.com/advisories/35255
secunia.com/advisories/36185
secunia.com/advisories/37386
secunia.com/advisories/37460
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1
sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
support.avaya.com/elmodocs2/security/ASA-2009-108.htm
www.redhat.com/support/errata/RHSA-2009-0392.html
www.redhat.com/support/errata/RHSA-2009-1038.html
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/34240
www.securitytracker.com/id?1021920
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/1426
www.vupen.com/english/advisories/2009/3316
exchange.xforce.ibmcloud.com/vulnerabilities/49459
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619
rhn.redhat.com/errata/RHSA-2009-1198.html