PT-2009-3682 · Oracle+1 · Java Se Development Kit+3
Publicado
2009-03-25
·
Atualizado
2018-10-10
·
CVE-2009-1104
CVSS v2.0
5.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 1.4.2 19 and earlier
Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier
Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier
Description
The Java Plug-in does not prevent Javascript loaded from localhost from connecting to other system ports, allowing attackers to bypass access restrictions via LiveConnect. This issue can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.
Recommendations
For Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 1.4.2 19 and earlier, update to a version later than 1.4.2 19.
For Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, update to a version later than 5.0 Update 17.
For Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, update to a version later than 6 Update 12.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Hp-Ux
Java Plug-In
Java Runtime Environment
Java Se Development Kit