CVE-2009-1106
OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
El Plug-in Java en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) 6 Update 12, 11, y 10 no analiza adecuadamente los archivos crossdomain.xml, lo que permite a atacantes remotos evitar las restricciones de acceso establecidas y conectarse a sitios de su elección a través de vectores desconocidos, también conocido como CR 6798948.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-03-25 CVE Reserved
- 2009-03-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (27)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/34496 | Third Party Advisory | |
| http://secunia.com/advisories/35156 | Third Party Advisory | |
| http://secunia.com/advisories/35255 | Third Party Advisory | |
| http://secunia.com/advisories/36185 | Third Party Advisory | |
| http://secunia.com/advisories/37386 | Third Party Advisory | |
| http://secunia.com/advisories/37460 | Third Party Advisory | |
| http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/507985/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/34240 | Vdb Entry | |
| http://www.securitytracker.com/id?1021920 | Vdb Entry | |
| http://www.vmware.com/security/advisories/VMSA-2009-0016.html | X_refsource_confirm | |
| http://www.vupen.com/english/advisories/2009/1426 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/3316 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49459 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1 | 2018-10-10 | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1 | 2018-10-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_10 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_11 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_12 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_10 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_11 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_12 |
Affected
| ||||||