Bug 436295 (CVE-2008-1192) - CVE-2008-1192 Java Plugin same-origin-policy bypass
Summary: CVE-2008-1192 Java Plugin same-origin-policy bypass
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2008-1192
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://sunsolve.sun.com/search/docume...
Whiteboard:
Depends On: 436304 436305 439176 439177 444749 455574 455726
Blocks:
Reported: 2008-03-06 12:54 UTC by Marc Schoenefeld
Modified: 2019-09-29 12:24 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2011-09-30 01:12:54 UTC
Embargoed:


Links
| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| Red Hat Product Errata | RHSA-2008:0186 | 0 | normal | SHIPPED_LIVE | Critical: java-1.5.0-sun security update | 2008-03-06 22:11:54 UTC |
| Red Hat Product Errata | RHSA-2008:0210 | 0 | normal | SHIPPED_LIVE | Critical: java-1.5.0-ibm security update | 2008-04-03 16:19:20 UTC |
| Red Hat Product Errata | RHSA-2008:0267 | 0 | normal | SHIPPED_LIVE | Critical: java-1.6.0-ibm security update | 2008-05-19 15:30:31 UTC |
| Red Hat Product Errata | RHSA-2008:0638 | 0 | normal | SHIPPED_LIVE | Low: Red Hat Network Satellite Server IBM Java Runtime security update | 2008-08-13 14:19:37 UTC |

Description Marc Schoenefeld 2008-03-06 12:54:31 UTC
A security vulnerability in the Java Plug-in may allow an applet that is
downloaded from a website to bypass the same origin policy and leverage this
flaw to execute local applications that are accessible to the user running the
untrusted applet.

Comment 3 Marc Schoenefeld 2008-04-03 11:54:44 UTC
How it works (public): 

http://heasman.blogspot.com/2008/03/defeating-same-origin-policy-part-i.html

