Red Hat Bugzilla – Bug 492308
CVE-2009-1104 OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)
Last modified: 2010-12-20 13:12:26 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1104 to the following vulnerability: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:0394 https://rhn.redhat.com/errata/RHSA-2009-0394.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1038 https://rhn.redhat.com/errata/RHSA-2009-1038.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1198 https://rhn.redhat.com/errata/RHSA-2009-1198.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.1 Via RHSA-2009:1662 https://rhn.redhat.com/errata/RHSA-2009-1662.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.3 Via RHSA-2010:0043 https://rhn.redhat.com/errata/RHSA-2010-0043.html