Vulnerability Name: CVE-2006-6745 (CCN-31009)

Assigned: 2006-12-19
Published: 2006-12-19
Updated: 2018-10-30
Summary: Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Changed
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2006-6745

Source: BEA
Type: UNKNOWN
BEA07-171.00

Source: CCN
Type: Apple Web site
About the security content of Java Release 6 for Mac OS X 10.4

Source: MISC
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307177

Source: HP
Type: UNKNOWN
HPSBUX02196

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-12-14

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:003

Source: CCN
Type: RHSA-2007-0062
Critical: java-1.4.2-ibm security update

Source: CCN
Type: RHSA-2007-0073
Critical: java-1.5.0-ibm security update

Source: CCN
Type: SA23445
Sun Java JRE Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
23445

Source: SECUNIA
Type: UNKNOWN
23650

Source: SECUNIA
Type: UNKNOWN
23835

Source: SECUNIA
Type: UNKNOWN
24099

Source: SECUNIA
Type: UNKNOWN
24189

Source: SECUNIA
Type: UNKNOWN
24468

Source: CCN
Type: SA25283
BEA JRockit Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25283

Source: CCN
Type: SA25404
Gentoo blackdown-jdk and blackdown-jre Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25404

Source: SECUNIA
Type: UNKNOWN
26049

Source: SECUNIA
Type: UNKNOWN
26119

Source: CCN
Type: SA28115
Mac OS X Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28115

Source: GENTOO
Type: UNKNOWN
GLSA-200701-15

Source: GENTOO
Type: UNKNOWN
GLSA-200702-08

Source: CCN
Type: SECTRACK ID: 1017426
Java Runtime Environment Serialization Bugs Let Remote Applets Gain Elevated Privileges

Source: SECTRACK
Type: Patch, Vendor Advisory
1017426

Source: CCN
Type: Sun Alert ID: 102731
Security Vulnerabilities Related to Serialization in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges

Source: SUNALERT
Type: Vendor Advisory
102731

Source: CCN
Type: ASA-2007-022
Security Vulnerabilities Related to Serialization in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges (Sun 102731)

Source: CCN
Type: ASA-2007-091
java-1.4.2-ibm security update (RHSA-2007-0062)

Source: CCN
Type: ASA-2007-093
java-1.5.0-ibm security update (RHSA-2007-0073)

Source: CCN
Type: ASA-2007-119
HP-UX Java (JRE and JDK) Remote Execution of Arbitrary Code (HPSBUX02196)

Source: CONFIRM
Type: UNKNOWN
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html

Source: CONFIRM
Type: UNKNOWN
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html

Source: CCN
Type: GLSA-200701-15
Sun JDK/JRE: Multiple vulnerabilities

Source: CCN
Type: GLSA-200702-08
AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities

Source: CCN
Type: GLSA-200705-20
Blackdown Java: Applet privilege escalation

Source: GENTOO
Type: UNKNOWN
GLSA-200705-20

Source: CCN
Type: US-CERT VU#102289
Sun Java JRE vulnerable to privilege escalation

Source: CERT-VN
Type: US Government Resource
VU#102289

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:010

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:045

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0062

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0073

Source: BID
Type: UNKNOWN
21673

Source: CCN
Type: BID-21673
Sun Java Runtime Environment Multiple Remote Privilege Escalation Vulnerabilities

Source: CERT
Type: US Government Resource
TA07-022A

Source: VUPEN
Type: UNKNOWN
ADV-2006-5074

Source: VUPEN
Type: UNKNOWN
ADV-2007-0936

Source: VUPEN
Type: UNKNOWN
ADV-2007-1814

Source: VUPEN
Type: UNKNOWN
ADV-2007-4224

Source: XF
Type: UNKNOWN
sun-java-serialization-code-execution(31009)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9621

Source: CCN
Type: BEA07-171.00
Non-trusted Applets may be able to exploit serialization condition to elevate privileges

Source: SUSE
Type: SUSE-SA:2007:003
Sun Java security update

Source: SUSE
Type: SUSE-SA:2007:010
IBMJava security update

Source: SUSE
Type: SUSE-SA:2007:045
IBM and Sun Java security problems

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:sun:j2se:1.4:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.1:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_01:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_02:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_03:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_04:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_05:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_06:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_07:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_08:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_09:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:5.0:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:5.0_update1:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:5.0_update2:*:sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:5.0_update3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:5.0_update4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:5.0_update5:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:5.0_update6:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:5.0_update7:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:sun:j2se:1.4.2_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_09:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_08:*:*:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_07::sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_06::sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_05::sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_04::sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_03::sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_02::sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2_01::sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.2::sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4.1::sdk:*:*:*:*:*
  • OR cpe:/a:sun:j2se:1.4::sdk:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_school_server:-:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20066745 | V | CVE-2006-6745 | 2015-11-16
oval:org.mitre.oval:def:9621 | V | Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE. | 2010-09-06