CVE-2009-1106: Input Validation
First published: Wed Mar 25 2009(Updated: )
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK | =1.6.0-update_11 | |
| OpenJDK | =1.6.0-update_10 | |
| Sun JRE | =1.6.0-update_10 | |
| OpenJDK | =1.6.0-update_12 | |
| Sun JRE | =1.6.0-update_12 | |
| Sun JRE | =1.6.0-update_11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
- http://www.redhat.com/support/errata/RHSA-2009-0392.html
- http://www.securityfocus.com/bid/34240
- http://www.securitytracker.com/id?1021920
- http://secunia.com/advisories/34496
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
- http://www.redhat.com/support/errata/RHSA-2009-1038.html
- http://secunia.com/advisories/35156
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
- http://secunia.com/advisories/35255
- http://www.vupen.com/english/advisories/2009/1426
- http://marc.info/?l=bugtraq&m=124344236532162&w=2
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
- https://rhn.redhat.com/errata/RHSA-2009-1198.html
- http://secunia.com/advisories/36185
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://secunia.com/advisories/37460
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/3316
- http://secunia.com/advisories/37386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49459
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2009-1106?
CVE-2009-1106 is classified as a medium severity vulnerability due to the potential for unauthorized access.
How do I fix CVE-2009-1106?
To fix CVE-2009-1106, upgrade to the latest version of the Java Runtime Environment or Java Development Kit.
What versions are affected by CVE-2009-1106?
CVE-2009-1106 affects Java SE Development Kit and Java Runtime Environment versions 6 Update 10, 11, and 12.
What is the impact of exploiting CVE-2009-1106?
Exploiting CVE-2009-1106 allows remote attackers to bypass access restrictions and connect to arbitrary sites.
Who can be impacted by CVE-2009-1106?
Users and organizations utilizing affected versions of the Java Runtime Environment or Development Kit are susceptible to CVE-2009-1106.
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sun
- canonical/openjdk
- version/openjdk/1.6.0-update_11
- version/openjdk/1.6.0-update_10
- canonical/sun jre
- version/sun jre/1.6.0-update_10
- version/openjdk/1.6.0-update_12
- version/sun jre/1.6.0-update_12
- version/sun jre/1.6.0-update_11