CVE-2009-1106

Severity: Critical (CVSS v3 base score; the original CVSS v2 rating for this entry is Medium, see Risk Information below)

Description

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 10, 11, and 12 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.

Context for practitioners: crossdomain.xml is the Adobe-style cross-domain policy file that a target host serves to state which origins may open connections to it; the Java Plug-in introduced in 6 Update 10 honours this file so that an applet can connect to hosts other than its codebase host. A parsing flaw in that check means a policy-controlled connection restriction can be bypassed, but the exact vectors are not published in this entry, and the fixed version is not stated here; consult the vendor advisories in the References section for the update that closes CR 6798948.
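The entry only says that the policy file was not parsed "properly", so the following is not the plug-in's code and does not reproduce the flaw. It is an added example of what a conservative crossdomain.xml evaluator looks like: parse the policy fetched from the target host with a parser that rejects DOCTYPE/entity constructs, treat every parse problem as a deny, and match the applet's origin host against the allow-access-from rules using the documented wildcard and secure-attribute semantics. The sample policy bytes, host names and URLs are constructed for the example; the rejection of partial wildcards such as www.*.com and the DOCTYPE refusal are this example's own hardening choices, not behaviour the entry attributes to the Java Plug-in.

```python
"""Conservative evaluator for Adobe-style crossdomain.xml policies.

Added example; not code from the Java Plug-in or any Sun/Oracle source.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

POLICY_ROOT = "cross-domain-policy"

# Constructed sample: what https://api.example.com/crossdomain.xml might serve.
SAMPLE_POLICY = b"""<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="trusted.example.org"/>
  <allow-access-from domain="*.partner.example.net" secure="false"/>
</cross-domain-policy>
"""

# Constructed sample of a fully open policy (any origin may connect).
WILDCARD_POLICY = b'<cross-domain-policy><allow-access-from domain="*"/></cross-domain-policy>'


def _host(url):
    """Lower-cased host of a URL without a trailing dot; ValueError if absent."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host: %r" % (url,))
    return host.rstrip(".").lower()


def parse_policy(xml_bytes):
    """Return [(domain_pattern, secure_flag), ...] or raise ValueError.

    Hardening assumption of this example: any DOCTYPE or ENTITY declaration is
    refused before the XML parser sees it, since a policy file never needs one.
    """
    upper = xml_bytes.upper()
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        raise ValueError("DOCTYPE/ENTITY declarations are not allowed in a policy")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError("malformed policy: %s" % (exc,))
    if root.tag != POLICY_ROOT:
        raise ValueError("unexpected root element %r" % (root.tag,))
    rules = []
    for element in root.findall("allow-access-from"):
        domain = (element.get("domain") or "").strip().lower()
        if not domain:
            raise ValueError("allow-access-from without a domain attribute")
        # secure defaults to true when the attribute is omitted.
        secure = element.get("secure", "true").strip().lower() != "false"
        rules.append((domain, secure))
    return rules


def domain_matches(pattern, host):
    """Match a host against one allow-access-from domain pattern.

    '*' matches every host; '*.example.com' matches example.com and any
    subdomain of it. Assumption of this example: a '*' anywhere else in the
    pattern is rejected rather than treated as a glob.
    """
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        base = pattern[2:]            # "example.com"
        return host == base or host.endswith("." + base)
    if "*" in pattern:
        return False
    return host == pattern


def may_connect(origin_url, target_url, policy_bytes):
    """True only if the policy served by target_url grants the applet's origin."""
    try:
        origin = urlsplit(origin_url)
        target = urlsplit(target_url)
        origin_host = _host(origin_url)
        target_host = _host(target_url)
        if origin_host == target_host:
            return True  # connecting back to the codebase host needs no policy
        rules = parse_policy(policy_bytes)
    except ValueError:
        return False  # every parse or URL problem is a deny, never a fall-through
    for pattern, secure in rules:
        if not domain_matches(pattern, origin_host):
            continue
        # secure="true" on a policy fetched over https only admits https origins.
        if secure and target.scheme == "https" and origin.scheme != "https":
            continue
        return True
    return False


if __name__ == "__main__":
    target = "https://api.example.com/feed"
    for origin in ("https://trusted.example.org/app.jar",
                   "http://trusted.example.org/app.jar",
                   "http://www.partner.example.net/app.jar",
                   "https://trusted.example.org.evil.example/app.jar"):
        print(origin, "->", may_connect(origin, target, SAMPLE_POLICY))
```

The decisive property for a policy check like this is that failure is closed: a truncated, malformed or entity-bearing policy yields a deny, not an exception that some caller might swallow into an allow. The suffix match is done against "." plus the base domain so that fooexample.com never satisfies *.example.com, and origin hosts such as trusted.example.org.evil.example fail the exact-match rule rather than sliding through on a prefix.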

References

https://rhn.redhat.com/errata/RHSA-2009-1198.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619

https://exchange.xforce.ibmcloud.com/vulnerabilities/49459

http://www.vupen.com/english/advisories/2009/3316

http://www.vupen.com/english/advisories/2009/1426

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.securitytracker.com/id?1021920

http://www.securityfocus.com/bid/34240

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2009-1038.html

http://www.redhat.com/support/errata/RHSA-2009-0392.html

http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm

http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://secunia.com/advisories/37460

http://secunia.com/advisories/37386

http://secunia.com/advisories/36185

http://secunia.com/advisories/35255

http://secunia.com/advisories/35156

http://secunia.com/advisories/34496

http://marc.info/?l=bugtraq&m=124344236532162&w=2

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133

Details

Source: Mitre, NVD

Published: 2009-03-25

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

Note: the two vectors above disagree on which impact components apply. The CVSS v2 vector records partial integrity and availability impact with no confidentiality impact (C:N/I:P/A:P), while the later CVSS v3 vector records high confidentiality and integrity impact with no availability impact (C:H/I:H/A:N). The v3 rating is the one behind the Critical label on this page; treat the impact classification as uncertain and rely on the vendor advisories for the affected-version and remediation facts.