CVE-2009-1106 Information

Description

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 11 and 10 does not properly parse crossdomain.xml files which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors aka CR 6798948.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html http://marc.info/?l=bugtraq&m=124344236532162&w=2 http://secunia.com/advisories/34496 http://secunia.com/advisories/35156 http://secunia.com/advisories/35255 http://secunia.com/advisories/36185 http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1 http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm http://www.redhat.com/support/errata/RHSA-2009-0392.html http://www.redhat.com/support/errata/RHSA-2009-1038.html http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.securityfocus.com/bid/34240 http://www.securitytracker.com/id?1021920 http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/1426 http://www.vupen.com/english/advisories/2009/3316 https://exchange.xforce.ibmcloud.com/vulnerabilities/49459 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6619 https://rhn.redhat.com/errata/RHSA-2009-1198.html