PT-2009-3684 · Oracle+1 · Java Se Development Kit+3

Publicado

2009-03-25

Atualizado

2018-10-10

CVE-2009-1106

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 6 Update 10 through 6 Update 12

Description The issue allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors due to improper parsing of crossdomain.xml files by the Java Plug-in.

Recommendations For Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 6 Update 10 through 6 Update 12, consider disabling the Java Plug-in as a temporary workaround until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2009-1106

HPSBUX02429

RHSA-2009:0392

RHSA-2009:1038

RHSA-2009:1198

RHSA-2010:0043

Produtos afetados

Hp-Ux

Java Plug-In

Java Runtime Environment

Java Se Development Kit

PT-2009-3684 · Oracle+1 · Java Se Development Kit+3

CVE-2009-1106

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 44