Launchpad.net

CVE 2009-1106

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.

Related bugs and status

CVE-2009-1106 (Candidate) is related to these bugs:

Bug #85969: Java Docs Package Won't Install

		In	Importance	Status
85969	Java Docs Package Won't Install	sun-java6 (Ubuntu)	Medium	Fix Released
85969	Java Docs Package Won't Install	sun-java5 (Ubuntu)	Medium	Invalid
85969	Java Docs Package Won't Install	j2se1.4-i586 (Ubuntu)	Wishlist	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://sunsolve.sun.co...
SUNALERT: 254611
CONFIRM: http://support.avaya.c...
REDHAT: RHSA-2009:0392
BID: 34240
SECTRACK: 1021920
SECUNIA: 34496
SUSE: SUSE-SA:2009:016
REDHAT: RHSA-2009:1038
SECUNIA: 35156
SECUNIA: 35255
VUPEN: ADV-2009-1426
SUSE: SUSE-SA:2009:036
REDHAT: RHSA-2009:1198
SECUNIA: 36185
GENTOO: GLSA-200911-02
CONFIRM: http://www.vmware.com/...
SECUNIA: 37386
SECUNIA: 37460
VUPEN: ADV-2009-3316
HP: HPSBMA02429
HP: SSRT090058
HP: HPSBUX02429
XF: jre-plugin-crossdomain...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20091120 VMSA-2009-001...