National Vulnerability Database (NVD) National Vulnerability Database (CVE-2006-6745)

National Cyber-Alert System

Vulnerability Summary for CVE-2006-6745

Original release date:12/26/2006

Last revised:09/05/2008

Source: US-CERT/NIST

Overview

Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA07-022A

Name: TA07-022A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA07-022A.html

US-CERT Vulnerability Note: VU#102289

Name: VU#102289

Hyperlink:http://www.kb.cert.org/vuls/id/102289

External Source: VUPEN

Name: ADV-2006-5074

Type: Advisory; Patch Information

Hyperlink:http://www.frsirt.com/english/advisories/2006/5074

External Source: SECTRACK

Name: 1017426

Type: Advisory; Patch Information

Hyperlink:http://securitytracker.com/id?1017426

External Source: BID

Name: 21673

Hyperlink:http://www.securityfocus.com/bid/21673

External Source: SUNALERT

Name: 102731

Type: Advisory

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1

External Source: REDHAT

Name: RHSA-2007:0073

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0073.html

External Source: REDHAT

Name: RHSA-2007:0062

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0062.html

External Source: SUSE

Name: SUSE-SA:2007:045

Hyperlink:http://www.novell.com/linux/security/advisories/2007_45_java.html

External Source: SUSE

Name: SUSE-SA:2007:010

Hyperlink:http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html

External Source: GENTOO

Name: GLSA-200705-20

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml

External Source: VUPEN

Name: ADV-2007-4224

Hyperlink:http://www.frsirt.com/english/advisories/2007/4224

External Source: VUPEN

Name: ADV-2007-1814

Hyperlink:http://www.frsirt.com/english/advisories/2007/1814

External Source: VUPEN

Name: ADV-2007-0936

Hyperlink:http://www.frsirt.com/english/advisories/2007/0936

External Source: CONFIRM

Name: http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html

Hyperlink:http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html

External Source: CONFIRM

Name: http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html

Hyperlink:http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html

External Source: GENTOO

Name: GLSA-200702-08

Hyperlink:http://security.gentoo.org/glsa/glsa-200702-08.xml

External Source: GENTOO

Name: GLSA-200701-15

Hyperlink:http://security.gentoo.org/glsa/glsa-200701-15.xml

External Source: SECUNIA

Name: 28115

Hyperlink:http://secunia.com/advisories/28115

External Source: SECUNIA

Name: 26119

Hyperlink:http://secunia.com/advisories/26119

External Source: SECUNIA

Name: 26049

Hyperlink:http://secunia.com/advisories/26049

External Source: SECUNIA

Name: 25404

Hyperlink:http://secunia.com/advisories/25404

External Source: SECUNIA

Name: 25283

Hyperlink:http://secunia.com/advisories/25283

External Source: SECUNIA

Name: 24468

Hyperlink:http://secunia.com/advisories/24468

External Source: SECUNIA

Name: 24189

Hyperlink:http://secunia.com/advisories/24189

External Source: SECUNIA

Name: 24099

Hyperlink:http://secunia.com/advisories/24099

External Source: SECUNIA

Name: 23835

Hyperlink:http://secunia.com/advisories/23835

External Source: SECUNIA

Name: 23650

Hyperlink:http://secunia.com/advisories/23650

External Source: SECUNIA

Name: 23445

Hyperlink:http://secunia.com/advisories/23445

External Source: SUSE

Name: SUSE-SA:2007:003

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html

External Source: APPLE

Name: APPLE-SA-2007-12-14

Hyperlink:http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

External Source: HP

Name: HPSBUX02196

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579

External Source: MISC

Name: http://docs.info.apple.com/article.html?artnum=307177

Hyperlink:http://docs.info.apple.com/article.html?artnum=307177

External Source: BEA

Name: BEA07-171.00

Hyperlink:http://dev2dev.bea.com/pub/advisory/240

Vulnerable software and versions

Configuration 1

* cpe:/a:sun:j2se:1.4.1::sdk

* cpe:/a:sun:j2se:1.4.2::sdk

* cpe:/a:sun:j2se:1.4.2_01::sdk

* cpe:/a:sun:j2se:1.4.2_02::sdk

* cpe:/a:sun:j2se:1.4.2_03::sdk

* cpe:/a:sun:j2se:1.4.2_04::sdk

* cpe:/a:sun:j2se:1.4.2_05::sdk

* cpe:/a:sun:j2se:1.4.2_06::sdk

* cpe:/a:sun:j2se:1.4.2_07::sdk

* cpe:/a:sun:j2se:1.4.2_08

* cpe:/a:sun:j2se:1.4.2_09

* cpe:/a:sun:j2se:1.4.2_10

* cpe:/a:sun:j2se:1.4.2_11

* cpe:/a:sun:j2se:1.4.2_12

* cpe:/a:sun:j2se:1.4::sdk

* cpe:/a:sun:j2se:5.0::sdk

* cpe:/a:sun:j2se:5.0_update1::sdk

* cpe:/a:sun:j2se:5.0_update2::sdk

* cpe:/a:sun:j2se:5.0_update3

* cpe:/a:sun:j2se:5.0_update4

* cpe:/a:sun:j2se:5.0_update5

* cpe:/a:sun:j2se:5.0_update6

* cpe:/a:sun:j2se:5.0_update7

* cpe:/a:sun:jre:1.4.1

* cpe:/a:sun:jre:1.4.2

* cpe:/a:sun:jre:1.4.2:update1

* cpe:/a:sun:jre:1.4.2:update10

* cpe:/a:sun:jre:1.4.2:update11

* cpe:/a:sun:jre:1.4.2:update12

* cpe:/a:sun:jre:1.4.2:update13

* cpe:/a:sun:jre:1.4.2:update2

* cpe:/a:sun:jre:1.4.2:update3

* cpe:/a:sun:jre:1.4.2:update4

* cpe:/a:sun:jre:1.4.2:update5

* cpe:/a:sun:jre:1.4.2:update6

* cpe:/a:sun:jre:1.4.2:update7

* cpe:/a:sun:jre:1.4.2:update8

* cpe:/a:sun:jre:1.4.2:update9

* cpe:/a:sun:jre:1.5.0

* cpe:/a:sun:jre:1.5.0:update1

* cpe:/a:sun:jre:1.5.0:update2

* cpe:/a:sun:jre:1.5.0:update3

* cpe:/a:sun:jre:1.5.0:update4

* cpe:/a:sun:jre:1.5.0:update5

* cpe:/a:sun:jre:1.5.0:update6

* cpe:/a:sun:jre:1.5.0:update7

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745