Vulnerability Details CVE-2009-1105
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.08
EPSS Ranking 91.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
- http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
- http://marc.info/?l=bugtraq&m=124344236532162&w=2
- http://secunia.com/advisories/34496
- http://secunia.com/advisories/35156
- http://secunia.com/advisories/35255
- http://secunia.com/advisories/36185
- http://secunia.com/advisories/37386
- http://secunia.com/advisories/37460
- http://secunia.com/advisories/39819
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
- http://support.apple.com/kb/HT4171
- http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
- http://www.redhat.com/support/errata/RHSA-2009-0392.html
- http://www.redhat.com/support/errata/RHSA-2009-1038.html
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/bid/34240
- http://www.securitytracker.com/id?1021920
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/1426
- http://www.vupen.com/english/advisories/2009/3316
- http://www.vupen.com/english/advisories/2010/1191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49458
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642
- https://rhn.redhat.com/errata/RHSA-2009-1198.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
- http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
- http://marc.info/?l=bugtraq&m=124344236532162&w=2
- http://secunia.com/advisories/34496
- http://secunia.com/advisories/35156
- http://secunia.com/advisories/35255
- http://secunia.com/advisories/36185
- http://secunia.com/advisories/37386
- http://secunia.com/advisories/37460
- http://secunia.com/advisories/39819
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
- http://support.apple.com/kb/HT4171
- http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
- http://www.redhat.com/support/errata/RHSA-2009-0392.html
- http://www.redhat.com/support/errata/RHSA-2009-1038.html
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/bid/34240
- http://www.securitytracker.com/id?1021920
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/1426
- http://www.vupen.com/english/advisories/2009/3316
- http://www.vupen.com/english/advisories/2010/1191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49458
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642
- https://rhn.redhat.com/errata/RHSA-2009-1198.html