FKIE_CVE-2009-1105

Vulnerability from fkie_nvd - Published: 2009-03-25 23:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
References
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2010//May/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=124344236532162&w=2
cve@mitre.orghttp://secunia.com/advisories/34496
cve@mitre.orghttp://secunia.com/advisories/35156
cve@mitre.orghttp://secunia.com/advisories/35255
cve@mitre.orghttp://secunia.com/advisories/36185
cve@mitre.orghttp://secunia.com/advisories/37386
cve@mitre.orghttp://secunia.com/advisories/37460
cve@mitre.orghttp://secunia.com/advisories/39819
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200911-02.xml
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1Patch, Vendor Advisory
cve@mitre.orghttp://support.apple.com/kb/HT4171
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2009-0392.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2009-1038.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/507985/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/34240
cve@mitre.orghttp://www.securitytracker.com/id?1021920
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2009-0016.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1426
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/3316
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1191
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/49458
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642
cve@mitre.orghttps://rhn.redhat.com/errata/RHSA-2009-1198.html
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=124344236532162&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34496
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35156
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35255
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36185
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37386
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37460
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39819
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200911-02.xml
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4171
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-0392.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-1038.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34240
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021920
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1426
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3316
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1191
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/49458
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1198.html
Impacted products
Vendor Product Version
sun java *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDA9F90-5D16-4E04-B285-D32C362279C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490."
    },
    {
      "lang": "es",
      "value": "El plug-in en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v6 Update 12, 11 y 10 permite a atacantes remotos asistidos por usuarios locales, provocar una que un applet de confianza ejecutarse en una versi\u00f3n del JRE antigua, lo que puede ser utilizado para explotar vulnerabilidades en esa versi\u00f3n antigua, tambi\u00e9n conocido como CR 6706490."
    }
  ],
  "id": "CVE-2009-1105",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-03-25T23:30:00.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34496"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35156"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35255"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36185"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37460"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39819"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT4171"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34240"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021920"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1426"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1191"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49458"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.