CVE-2006-6745

Summary

CVE: CVE-2006-6745
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2006-12-26 23:28:00 UTC
Updated: 2018-10-30 16:26:00 UTC
Description: Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type Vendor Product Version Update Edition Language
Application Sun J2se 1.4 All sdk All
Application Sun J2se 1.4.1 All sdk All
Application Sun J2se 1.4.2 All sdk All
Application Sun J2se 1.4.2_01 All sdk All
Application Sun J2se 1.4.2_02 All sdk All
Application Sun J2se 1.4.2_03 All sdk All
Application Sun J2se 1.4.2_04 All sdk All
Application Sun J2se 1.4.2_05 All sdk All
Application Sun J2se 1.4.2_06 All sdk All
Application Sun J2se 1.4.2_07 All sdk All
Application Sun J2se 1.4.2_08 All All All
Application Sun J2se 1.4.2_09 All All All
Application Sun J2se 1.4.2_10 All All All
Application Sun J2se 1.4.2_11 All All All
Application Sun J2se 1.4.2_12 All All All
Application Sun J2se 5.0 All sdk All
Application Sun J2se 5.0_update1 All sdk All
Application Sun J2se 5.0_update2 All sdk All
Application Sun J2se 5.0_update3 All All All
Application Sun J2se 5.0_update4 All All All
Application Sun J2se 5.0_update5 All All All
Application Sun J2se 5.0_update6 All All All
Application Sun J2se 5.0_update7 All All All
Application Sun Jre 1.4.1 All All All
Application Sun Jre 1.4.2 All All All
Application Sun Jre 1.4.2_1 All All All
Application Sun Jre 1.4.2_10 All All All
Application Sun Jre 1.4.2_11 All All All
Application Sun Jre 1.4.2_12 All All All
Application Sun Jre 1.4.2_13 All All All
Application Sun Jre 1.4.2_2 All All All
Application Sun Jre 1.4.2_3 All All All
Application Sun Jre 1.4.2_4 All All All
Application Sun Jre 1.4.2_5 All All All
Application Sun Jre 1.4.2_6 All All All
Application Sun Jre 1.4.2_7 All All All
Application Sun Jre 1.4.2_8 All All All
Application Sun Jre 1.4.2_9 All All All
Application Sun Jre 1.5.0 All All All
Application Sun Jre 1.5.0 update1 All All
Application Sun Jre 1.5.0 update2 All All
Application Sun Jre 1.5.0 update3 All All
Application Sun Jre 1.5.0 update4 All All
Application Sun Jre 1.5.0 update5 All All
Application Sun Jre 1.5.0 update6 All All
Application Sun Jre 1.5.0 update7 All All

References

Reference Source Link Tags
Gentoo update for sun-jdk and sun-jre-bin - Advisories - Secunia SECUNIA secunia.com
SecurityTracker.com Archives - Java Runtime Environment Serialization Bugs Let Remote Applets Gain Elevated Privileges SECTRACK securitytracker.com Patch, Vendor Advisory
Webmail - OVH VUPEN www.vupen.com
Gentoo Linux Documentation -- Blackdown Java: Applet privilege escalation GENTOO www.gentoo.org
US-CERT Technical Cyber Security Alert TA07-022A -- Sun Updates for Multiple Vulnerabilities in Java CERT www.us-cert.gov US Government Resource
Gentoo update for emul-linux-x86-java - Advisories - Secunia SECUNIA secunia.com
SUSE update for Sun Java - Advisories - Secunia SECUNIA secunia.com
Red Hat update for java-1.4.2-ibm - Advisories - Secunia SECUNIA secunia.com
Gentoo blackdown-jdk and blackdown-jre Vulnerabilities - Advisories - Secunia SECUNIA secunia.com
SUSE update for Java / IBM Java - Advisories - Secunia SECUNIA secunia.com
rhn.redhat.com | Red Hat Support REDHAT www.redhat.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH VUPEN www.vupen.com
BEA JRockit Multiple Vulnerabilities - Advisories - Secunia SECUNIA secunia.com
Webmail - OVH VUPEN www.vupen.com
US-CERT Vulnerability Note VU#102289 CERT-VN www.kb.cert.org US Government Resource
Non-trusted Applets may be able to exploit serialization condition to elevate privileges BEA dev2dev.bea.com
Support REDHAT www.redhat.com
Security update for IBM Java CONFIRM support.novell.com
#102731: Security Vulnerabilities Related to Serialization in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges SUNALERT sunsolve.sun.com Vendor Advisory
APPLE-SA-2007-12-14 Java Release 6 for Mac OS X 10.4 APPLE lists.apple.com
SuSE Security announcements: [suse-security-announce] SUSE Security Announcement: Sun Java security update (SUSE-SA:2007:003) SUSE lists.suse.com
Repository / Oval Repository OVAL oval.cisecurity.org
Security update for Java CONFIRM support.novell.com
HP-UX update for JRE / JDK - Advisories - Secunia SECUNIA secunia.com
Sun Java Runtime Environment Multiple Remote Privilege Escalation Vulnerabilities BID www.securityfocus.com
SUSE update for IBM JRE/SDK Java and Sun Java JRE/SDK - Advisories - Secunia SECUNIA secunia.com
Webmail - OVH VUPEN www.vupen.com
Gentoo Linux Documentation -- AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities GENTOO security.gentoo.org
Security Announcement SUSE www.novell.com
Mac OS X Java Multiple Vulnerabilities - Advisories - Secunia SECUNIA secunia.com
HPSBUX02196 HP h20000.www2.hp.com
Sun Java JRE Multiple Vulnerabilities - Advisories - Secunia SECUNIA secunia.com
Security Announcement SUSE www.novell.com
About the security content of Java Release 6 for Mac OS X 10.4 MISC docs.info.apple.com
Gentoo Linux Documentation -- Sun JDK/JRE: Multiple vulnerabilities GENTOO security.gentoo.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis