CVE-2009-1106
Description
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
Risk Information
Base Score
8.2
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS Score
Exploitation Probability
1.394
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Java jdk (x64) 6.0(x64) | Windows |
| Multiple vulnerabilities affected in Java jdk 6.0 | Windows |
| Multiple vulnerabilities affected in Java jre (x64) 6.0(x64) | Windows |
| Multiple vulnerabilities affected in Java jre 6.0 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234