PRIOn knowledge basePRION:CVE-2009-1106Design/Logic Flaw
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jdk | eq | 1.6.0 update-11 | |
| jdk | eq | 1.6.0 update-10 | |
| jdk | eq | 1.6.0 update-12 | |
| jre | eq | 1.6.0 update-10 | |
| jre | eq | 1.6.0 update-12 | |
| jre | eq | 1.6.0 update-11 |
References
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
secunia.com/advisories/34496
secunia.com/advisories/35156
secunia.com/advisories/35255
secunia.com/advisories/36185
secunia.com/advisories/37386
secunia.com/advisories/37460
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1
sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
support.avaya.com/elmodocs2/security/ASA-2009-108.htm
www.redhat.com/support/errata/RHSA-2009-0392.html
www.redhat.com/support/errata/RHSA-2009-1038.html
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/34240
www.securitytracker.com/id?1021920
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/1426
www.vupen.com/english/advisories/2009/3316
exchange.xforce.ibmcloud.com/vulnerabilities/49459
marc.info/?l=bugtraq&m=124344236532162&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619
rhn.redhat.com/errata/RHSA-2009-1198.html
Related
