Lucene search

PRIOn knowledge basePRION:CVE-2009-1106

HistoryMar 25, 2009 - 11:30 p.m.

Design/Logic Flaw

2009-03-2523:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.007 Low

EPSS

Percentile

80.4%

JSON

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.

CPENameOperatorVersion
jdkeq1.6.0 update-11
jdkeq1.6.0 update-10
jdkeq1.6.0 update-12
jreeq1.6.0 update-10
jreeq1.6.0 update-12
jreeq1.6.0 update-11

Name	Operator	Version
jdk	eq	1.6.0 update-11
jdk	eq	1.6.0 update-10
jdk	eq	1.6.0 update-12
jre	eq	1.6.0 update-10
jre	eq	1.6.0 update-12
jre	eq	1.6.0 update-11

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133

lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html

secunia.com/advisories/34496

secunia.com/advisories/35156

secunia.com/advisories/35255

secunia.com/advisories/36185

secunia.com/advisories/37386

secunia.com/advisories/37460

security.gentoo.org/glsa/glsa-200911-02.xml

sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1

sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1

support.avaya.com/elmodocs2/security/ASA-2009-108.htm

www.redhat.com/support/errata/RHSA-2009-0392.html

www.redhat.com/support/errata/RHSA-2009-1038.html

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/34240

www.securitytracker.com/id?1021920

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/1426

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/49459

marc.info/?l=bugtraq&m=124344236532162&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619

rhn.redhat.com/errata/RHSA-2009-1198.html

7.1 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for PRION:CVE-2009-1106