CVSS2: 5.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.005 Low
Percentile: 75.9%

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime
Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and
1.4.2_19 and earlier does not prevent JavaScript that is loaded from the
localhost from connecting to other ports on the system, which allows
user-assisted attackers to bypass intended access restrictions via
LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged
with separate cross-site scripting (XSS) vulnerabilities for remote attack
vectors.