PT-2009-3684 · Oracle+1 · Java Se Development Kit+3

Published

2009-03-25

Updated

2018-10-10

CVE-2009-1106

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 6 Update 10 through 6 Update 12

Description The issue allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors due to improper parsing of crossdomain.xml files by the Java Plug-in.

Recommendations For Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 6 Update 10 through 6 Update 12, consider disabling the Java Plug-in as a temporary workaround until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-1106

HPSBUX02429

RHSA-2009:0392

RHSA-2009:1038

RHSA-2009:1198

RHSA-2010:0043

Affected Products

Hp-Ux

Java Plug-In

Java Runtime Environment

Java Se Development Kit

PT-2009-3684 · Oracle+1 · Java Se Development Kit+3

CVE-2009-1106

Weakness Enumeration

Related Identifiers

Affected Products

References · 44