Vulnerability Details : CVE-2009-1105
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
Exploit prediction scoring system (EPSS) score for CVE-2009-1105
Probability of exploitation activity in the next 30 days: 2.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-1105
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2009-1105
- http://www.redhat.com/support/errata/RHSA-2009-1038.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
- http://www.securitytracker.com/id?1021920
- http://www.redhat.com/support/errata/RHSA-2009-0392.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
-
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
VMSA-2009-0016.6
-
http://www.vupen.com/english/advisories/2009/3316
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
- https://rhn.redhat.com/errata/RHSA-2009-1198.html
-
http://www.vupen.com/english/advisories/2010/1191
Webmail | OVH- OVH
- http://marc.info/?l=bugtraq&m=124344236532162&w=2
- http://www.securityfocus.com/bid/34240
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/49458
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
-
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
Apple - Lists.apple.com
- http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
-
http://support.apple.com/kb/HT4171
About the security content of Java for Mac OS X 10.6 Update 2 - Apple Support
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
Patch;Vendor Advisory
- http://www.vupen.com/english/advisories/2009/1426
Products affected by CVE-2009-1105
- cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*