CVE-2009-1106 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-1106 Interim 1 16 2023-12-09T02:05:06Z current 2021-05-30T12:46:28Z 2023-12-09T02:05:06Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-1106 The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EQIX65SIYO3RWCEMJW64RYU7EMZBDAFH/#EQIX65SIYO3RWCEMJW64RYU7EMZBDAFH E-Mail link for SUSE-SA:2009:016 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RISH3WSQIVPWNN3PLKINSCVJ2WQUZLGR/#RISH3WSQIVPWNN3PLKINSCVJ2WQUZLGR E-Mail link for SUSE-SA:2009:036 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-1.6.0-124.7.1 java-1_6_0-ibm-alsa-1.6.0-124.7.1 java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 java-1_6_0-ibm-fonts-1.6.0-124.7.1 java-1_6_0-ibm-jdbc-1.6.0-124.7.1 java-1_6_0-ibm-plugin-1.6.0-124.7.1 java-1_6_0-ibm-x86-1.6.0-124.7.1 java-1_6_0-ibm-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-alsa-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-fonts-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-jdbc-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-plugin-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-x86-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server 11 java-1_6_0-ibm-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-alsa-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-fonts-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-jdbc-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-plugin-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 java-1_6_0-ibm-x86-1.6.0-124.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. CVE-2009-1106 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-1.6.0-124.7.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-alsa-1.6.0-124.7.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-fonts-1.6.0-124.7.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-jdbc-1.6.0-124.7.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-plugin-1.6.0-124.7.1 SUSE Linux Enterprise Server 11:java-1_6_0-ibm-x86-1.6.0-124.7.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-1.6.0-124.7.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-alsa-1.6.0-124.7.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-fonts-1.6.0-124.7.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-jdbc-1.6.0-124.7.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-plugin-1.6.0-124.7.1 SUSE Linux Enterprise Server for SAP Applications 11:java-1_6_0-ibm-x86-1.6.0-124.7.1 moderate 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P