ID CVE-2006-6745
Summary Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:j2se:1.4:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.1:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_01:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_02:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_03:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_04:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_05:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_06:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_07:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_08:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_09:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_10:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_11:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_12:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:5.0:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:5.0_update1:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:5.0_update2:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:5.0_update3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:5.0_update4:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:5.0_update5:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:5.0_update6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:5.0_update7:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2010-09-06T04:14:07.166-04:00
class vulnerability
contributors
name Aharon Chernin
organization SCAP.com, LLC
description Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
family unix
id oval:org.mitre.oval:def:9621
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
version 6
redhat via4
advisories
  • rhsa
    id RHSA-2007:0062
  • rhsa
    id RHSA-2007:0073
rpms
  • java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-demo-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-demo-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-devel-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-devel-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-javacomm-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-jdbc-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-jdbc-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-plugin-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-plugin-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-src-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-src-0:1.4.2.7-1jpp.4.el4
  • java-1.5.0-ibm-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-demo-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-devel-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-src-1:1.5.0.3-1jpp.3.el4
refmap via4
apple APPLE-SA-2007-12-14
bea BEA07-171.00
bid 21673
cert TA07-022A
cert-vn VU#102289
confirm
gentoo
  • GLSA-200701-15
  • GLSA-200702-08
  • GLSA-200705-20
hp
  • HPSBUX02196
  • SSRT071318
misc http://docs.info.apple.com/article.html?artnum=307177
sectrack 1017426
secunia
  • 23445
  • 23650
  • 23835
  • 24099
  • 24189
  • 24468
  • 25283
  • 25404
  • 26049
  • 26119
  • 28115
sunalert 102731
suse
  • SUSE-SA:2007:003
  • SUSE-SA:2007:010
  • SUSE-SA:2007:045
vupen
  • ADV-2006-5074
  • ADV-2007-0936
  • ADV-2007-1814
  • ADV-2007-4224
Last major update 30-10-2018 - 16:26
Published 26-12-2006 - 23:28
Last modified 30-10-2018 - 16:26