CVE-2006-6736
UnknownEPSS 2.31%
Last modified
CVE-2006-6736 is a vulnerability of currently unknown severity. Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue.". EPSS estimates a 2.31% chance of exploitation in the next 30 days.
Description
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jdk | 1.5.0 |
| Sun | Jre | 1.3.1 |
| Sun | Jre | 1.3.1_2 |
| Sun | Jre | 1.3.1_03 |
| Sun | Jre | 1.3.1_04 |
| Sun | Jre | 1.3.1_05 |
| Sun | Jre | 1.3.1_06 |
| Sun | Jre | 1.3.1_07 |
| Sun | Jre | 1.3.1_08 |
| Sun | Jre | 1.3.1_09 |
| Sun | Jre | 1.3.1_10 |
| Sun | Jre | 1.3.1_11 |
| Sun | Jre | 1.3.1_12 |
| Sun | Jre | 1.3.1_13 |
| Sun | Jre | 1.3.1_14 |
| Sun | Jre | 1.3.1_15 |
| Sun | Jre | 1.3.1_16 |
| Sun | Jre | 1.3.1_17 |
| Sun | Jre | 1.3.1_18 |
| Sun | Jre | 1.4.2 |
| Sun | Jre | 1.4.2_1 |
| Sun | Jre | 1.4.2_2 |
| Sun | Jre | 1.4.2_3 |
| Sun | Jre | 1.4.2_4 |
| Sun | Jre | 1.4.2_5 |
| Sun | Jre | 1.4.2_6 |
| Sun | Jre | 1.4.2_7 |
| Sun | Jre | 1.4.2_8 |
| Sun | Jre | 1.4.2_9 |
| Sun | Jre | 1.4.2_10 |
| Sun | Jre | 1.4.2_11 |
| Sun | Jre | 1.4.2_12 |
| Sun | Jre | 1.5.0 |
| Sun | Sdk | 1.3.1 |
| Sun | Sdk | 1.3.1_01 |
| Sun | Sdk | 1.3.1_01a |
| Sun | Sdk | 1.3.1_02 |
| Sun | Sdk | 1.3.1_03 |
| Sun | Sdk | 1.3.1_04 |
| Sun | Sdk | 1.3.1_05 |
| Sun | Sdk | 1.3.1_06 |
| Sun | Sdk | 1.3.1_07 |
| Sun | Sdk | 1.3.1_08 |
| Sun | Sdk | 1.3.1_09 |
| Sun | Sdk | 1.3.1_10 |
| Sun | Sdk | 1.3.1_11 |
| Sun | Sdk | 1.3.1_12 |
| Sun | Sdk | 1.3.1_13 |
| Sun | Sdk | 1.3.1_14 |
| Sun | Sdk | 1.3.1_15 |
Showing 50 of 66 affected configurations. See NVD for the full list.
References
- http://docs.info.apple.com/article.html?artnum=307177Third Party Advisory
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlMailing List, Third Party Advisory
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.htmlMailing List, Third Party Advisory
- http://secunia.com/advisories/23398Third Party Advisory
- http://secunia.com/advisories/23650Third Party Advisory
- http://secunia.com/advisories/23835Third Party Advisory
- http://secunia.com/advisories/24099Third Party Advisory
- http://secunia.com/advisories/24189Third Party Advisory
- http://secunia.com/advisories/25404Third Party Advisory
- http://secunia.com/advisories/26049Third Party Advisory
- http://secunia.com/advisories/26119Third Party Advisory
- http://secunia.com/advisories/28115Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200701-15.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200702-08.xmlThird Party Advisory
- http://securitytracker.com/id?1017427Third Party Advisory, VDB Entry
- http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.htmlThird Party Advisory
- http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.htmlThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200705-20.xmlThird Party Advisory
- http://www.novell.com/linux/security/advisories/2007_10_ibmjava.htmlThird Party Advisory
- http://www.novell.com/linux/security/advisories/2007_45_java.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0062.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0072.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0073.htmlThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/21674Patch, Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2006/5075Permissions Required
- http://www.vupen.com/english/advisories/2007/4224Permissions Required
- http://docs.info.apple.com/article.html?artnum=307177Third Party Advisory
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlMailing List, Third Party Advisory
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.htmlMailing List, Third Party Advisory
- http://secunia.com/advisories/23398Third Party Advisory
- http://secunia.com/advisories/23650Third Party Advisory
- http://secunia.com/advisories/23835Third Party Advisory
- http://secunia.com/advisories/24099Third Party Advisory
- http://secunia.com/advisories/24189Third Party Advisory
- http://secunia.com/advisories/25404Third Party Advisory
- http://secunia.com/advisories/26049Third Party Advisory
- http://secunia.com/advisories/26119Third Party Advisory
- http://secunia.com/advisories/28115Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200701-15.xmlThird Party Advisory
- http://security.gentoo.org/glsa/glsa-200702-08.xmlThird Party Advisory
- http://securitytracker.com/id?1017427Third Party Advisory, VDB Entry
- http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.htmlThird Party Advisory
- http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.htmlThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200705-20.xmlThird Party Advisory
- http://www.novell.com/linux/security/advisories/2007_10_ibmjava.htmlThird Party Advisory
- http://www.novell.com/linux/security/advisories/2007_45_java.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0062.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0072.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0073.htmlThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/21674Patch, Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2006/5075Permissions Required
- http://www.vupen.com/english/advisories/2007/4224Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-6736?
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."
How severe is CVE-2006-6736?
Severity scoring for CVE-2006-6736 is pending analysis. The EPSS model estimates a 2.31% probability of exploitation in the next 30 days.
How do I fix CVE-2006-6736?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2006-6736?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST