Vulnerability Name:

CVE-2006-0617 (CCN-24561)

Assigned:2006-02-07
Published:2006-02-07
Updated:2017-07-20
Summary:Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues."
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-0614

Source: MITRE
Type: CNA
CVE-2006-0615

Source: MITRE
Type: CNA
CVE-2006-0616

Source: MITRE
Type: CNA
CVE-2006-0617

Source: CCN
Type: APPLE-SA-2006-04-18 J2SE 5.0 Release 4
About the security content of J2SE 5.0 Release 4

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=303658

Source: CCN
Type: SA18760
Sun Java JRE "reflection" APIs Sandbox Security Bypass Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18760

Source: SECUNIA
Type: UNKNOWN
18884

Source: CCN
Type: SECTRACK ID: 1015596
Sun Java Runtime Environment (JRE) Reflection API Multiple Bugs Let Applets Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1015596

Source: CCN
Type: Sun Alert ID: 102171
Security Vulnerabilities in the Java Runtime Environment may Allow an Untrusted Applet to Elevate its Privileges

Source: SUNALERT
Type: Patch, Vendor Advisory
102171

Source: CCN
Type: GLSA-200602-07
Sun JDK/JRE: Applet privilege escalation

Source: GENTOO
Type: UNKNOWN
GLSA-200602-07

Source: CCN
Type: US-CERT VU#759996
Sun Java Reflection API security bypass vulnerabilities

Source: CERT-VN
Type: US Government Resource
VU#759996

Source: CCN
Type: OSVDB ID: 23091
Sun Java JRE Unspecified reflection API Privilege Escalation (6277246)

Source: CCN
Type: OSVDB ID: 23092
Sun Java JRE Unspecified reflection API Privilege Escalation (6316316)

Source: CCN
Type: OSVDB ID: 23093
Sun Java JRE Unspecified reflection API Privilege Escalation (6316314)

Source: CCN
Type: OSVDB ID: 23094
Sun Java JRE Unspecified reflection API Privilege Escalation (6316322)

Source: CCN
Type: OSVDB ID: 23095
Sun Java JRE Unspecified reflection API Privilege Escalation (6343309)

Source: CCN
Type: OSVDB ID: 23096
Sun Java JRE Unspecified reflection API Privilege Escalation (6343350)

Source: CCN
Type: OSVDB ID: 23097
Sun Java JRE Unspecified reflection API Privilege Escalation (6343342)

Source: CCN
Type: TLSA-2006-4
Multiple vulnerabilities exist in Java

Source: VUPEN
Type: UNKNOWN
ADV-2006-0467

Source: VUPEN
Type: UNKNOWN
ADV-2006-0828

Source: VUPEN
Type: UNKNOWN
ADV-2006-1398

Source: XF
Type: UNKNOWN
sun-jre-reflection-privilege-elevation(24561)

Source: XF
Type: UNKNOWN
sun-jre-reflection-privilege-elevation(24561)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:jdk:*:update5:*:*:*:*:*:* (Version <= 1.5.0)
  • OR cpe:/a:sun:jre:*:update5:*:*:*:*:*:* (Version <= 1.5.0)

    • Configuration CCN 1:
  • cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update15:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update16:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update1a:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update1:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update2:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update3:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update4:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update5:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update12:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun jdk * update5
    sun jre * update5
    sun jre 1.3.1
    sun jre 1.4.2
    sun jre 1.5.0
    sun sdk 1.4.2
    sun jre 1.5.0 update3
    sun jdk 1.5.0
    sun jdk 1.5.0 update1
    sun jdk 1.5.0 update2
    sun jdk 1.5.0 update3
    sun jdk 1.5.0 update4
    sun jdk 1.5.0 update5
    sun jre 1.3.1 update1
    sun jre 1.3.1 update15
    sun jre 1.3.1 update16
    sun jre 1.3.1 update1a
    sun jre 1.3.1 update4
    sun jre 1.3.1 update8
    sun jre 1.4.2 update1
    sun jre 1.4.2 update2
    sun jre 1.4.2 update3
    sun jre 1.4.2 update4
    sun jre 1.4.2 update5
    sun jre 1.5.0 update1
    sun jre 1.5.0 update2
    sun jre 1.5.0 update4
    sun jre 1.5.0 update5
    sun sdk 1.3.1_01
    sun sdk 1.3.1_01a
    sun sdk 1.3.1_16
    sun sdk 1.4.2_03
    sun sdk 1.4.2_08
    sun sdk 1.4.2_09
    sun sdk 1.4.2_04
    sun sdk 1.4.2_02
    sun sdk 1.4.2_05
    sun sdk 1.4.2_06
    sun sdk 1.4.2_07
    sun sdk 1.4.2_01
    sun sdk 1.3.1_02
    sun sdk 1.3.1_04
    sun sdk 1.3.1_05
    sun sdk 1.3.1_06
    sun sdk 1.3.1_07
    sun sdk 1.3.1_08
    sun sdk 1.3.1_09
    sun sdk 1.3.1_10
    sun sdk 1.3.1_11
    sun sdk 1.3.1_12
    sun sdk 1.3.1_13
    sun sdk 1.3.1_14
    sun sdk 1.3.1_15
    sun jre 1.3.1 update2
    sun jre 1.3.1 update12
    sun sdk 1.3.1_03
    gentoo linux *
    apple mac os x 10.4.5
    apple mac os x server 10.4.5