AI Score: 7.1 High (Confidence: Low)
CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS: 0.007 Low (Percentile: 80.4%)
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
CPE
Name | Operator | Version |
---|---|---|
jdk | eq | 1.6.0 update-11 |
jdk | eq | 1.6.0 update-10 |
jdk | eq | 1.6.0 update-12 |
jre | eq | 1.6.0 update-10 |
jre | eq | 1.6.0 update-12 |
jre | eq | 1.6.0 update-11 |
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
secunia.com/advisories/34496
secunia.com/advisories/35156
secunia.com/advisories/35255
secunia.com/advisories/36185
secunia.com/advisories/37386
secunia.com/advisories/37460
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1
sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
support.avaya.com/elmodocs2/security/ASA-2009-108.htm
www.redhat.com/support/errata/RHSA-2009-0392.html
www.redhat.com/support/errata/RHSA-2009-1038.html
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/34240
www.securitytracker.com/id?1021920
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/1426
www.vupen.com/english/advisories/2009/3316
exchange.xforce.ibmcloud.com/vulnerabilities/49459
marc.info/?l=bugtraq&m=124344236532162&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619
rhn.redhat.com/errata/RHSA-2009-1198.html