Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-1106
HistoryMar 25, 2009 - 12:00 a.m.

CVE-2009-1106

2009-03-2500:00:00
ubuntu.com
ubuntu.com
7

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime
Environment (JRE) 6 Update 12, 11, and 10 does not properly parse
crossdomain.xml files, which allows remote attackers to bypass intended
access restrictions and connect to arbitrary sites via unknown vectors, aka
CR 6798948.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchsun-java6< 6.20dlj-0ubuntu1.8.04UNKNOWN
ubuntu9.04noarchsun-java6< 6.20dlj-0ubuntu1.9.04UNKNOWN
ubuntu9.10noarchsun-java6< 6.20dlj-0ubuntu1.9.10UNKNOWN
ubuntu10.04noarchsun-java6< 6.20dlj-1ubuntu3UNKNOWN

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

Related for UB:CVE-2009-1106