5.8

CVE-2009-1104

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331.  NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJava
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.17% 0.8
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/34495
http://secunia.com/advisories/34496
http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm
http://www.redhat.com/support/errata/RHSA-2009-0392.html
http://www.redhat.com/support/errata/RHSA-2009-0394.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
http://secunia.com/advisories/37460
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://secunia.com/advisories/35416
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
http://secunia.com/advisories/35255
http://www.vupen.com/english/advisories/2009/1426
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
http://marc.info/?l=bugtraq&m=124344236532162&w=2
http://secunia.com/advisories/35156
http://secunia.com/advisories/36185
http://www.redhat.com/support/errata/RHSA-2009-1038.html
http://www.securityfocus.com/bid/34240
https://rhn.redhat.com/errata/RHSA-2009-1198.html
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
Patch
Vendor Advisory
http://www.securitytracker.com/id?1021920
https://exchange.xforce.ibmcloud.com/vulnerabilities/49457
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6584