6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.007 Low
EPSS
Percentile
80.5%
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime
Environment (JRE) 6 Update 12, 11, and 10 does not properly parse
crossdomain.xml files, which allows remote attackers to bypass intended
access restrictions and connect to arbitrary sites via unknown vectors, aka
CR 6798948.