6.4

CVE-2009-1106

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJdk Version1.6.0 Updateupdate_10
SunJdk Version1.6.0 Updateupdate_11
SunJdk Version1.6.0 Updateupdate_12
SunJre Version1.6.0 Updateupdate_10
SunJre Version1.6.0 Updateupdate_11
SunJre Version1.6.0 Updateupdate_12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.56% 0.878
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/34496
http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
http://www.redhat.com/support/errata/RHSA-2009-0392.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
http://secunia.com/advisories/37460
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
http://secunia.com/advisories/35255
http://www.vupen.com/english/advisories/2009/1426
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
http://marc.info/?l=bugtraq&m=124344236532162&w=2
http://secunia.com/advisories/35156
http://secunia.com/advisories/36185
http://www.redhat.com/support/errata/RHSA-2009-1038.html
http://www.securityfocus.com/bid/34240
https://rhn.redhat.com/errata/RHSA-2009-1198.html
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
Patch
Vendor Advisory
http://www.securitytracker.com/id?1021920
https://exchange.xforce.ibmcloud.com/vulnerabilities/49459
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619