CVE-2006-0614 - OpenCVE

Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Sdk Jdk Jre

Configuration 1 [-]

OR	cpe:2.3:a:sun:jdk:5.0:::::::*
	cpe:2.3:a:sun:jdk:5.0:update1::::::
	cpe:2.3:a:sun:jdk:5.0:update2::::::
	cpe:2.3:a:sun:jdk:5.0:update3::::::
	cpe:2.3:a:sun:jre::::::::
	cpe:2.3:a:sun:jre::::::::
	cpe:2.3:a:sun:jre:5.0:::::::*
	cpe:2.3:a:sun:jre:5.0:update1::::::
	cpe:2.3:a:sun:jre:5.0:update2::::::
	cpe:2.3:a:sun:jre:5.0:update3::::::
	cpe:2.3:a:sun:sdk::::::::
	cpe:2.3:a:sun:sdk::::::::

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=303658	Third Party Advisory
http://secunia.com/advisories/18760	Third Party Advisory
http://secunia.com/advisories/18884	Third Party Advisory
http://securitytracker.com/id?1015596	Third Party Advisory VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1	Broken Link Patch
http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml	Third Party Advisory
http://www.kb.cert.org/vuls/id/759996	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/0467	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/0828	Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/1398	Permissions Required Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24561	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-09T02:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-02-09T00:00:00

Link: CVE-2006-0614

JSON object: View

NVD Information

Status : Analyzed

Published: 2006-02-09T02:02:00.000

Modified: 2018-10-04T22:11:53.863

Link: CVE-2006-0614

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-02-07T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the \"first issue.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-0828", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0828"}, {"name": "GLSA-200602-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml"}, {"name": "1015596", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015596"}, {"name": "ADV-2006-0467", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0467"}, {"name": "18884", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18884"}, {"name": "sun-jre-reflection-privilege-elevation(24561)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24561"}, {"name": "18760", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18760"}, {"name": "VU#759996", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/759996"}, {"name": "ADV-2006-1398", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1398"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=303658"}, {"name": "102171", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0614", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the \"first issue.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-0828", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0828"}, {"name": "GLSA-200602-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml"}, {"name": "1015596", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015596"}, {"name": "ADV-2006-0467", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0467"}, {"name": "18884", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18884"}, {"name": "sun-jre-reflection-privilege-elevation(24561)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24561"}, {"name": "18760", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18760"}, {"name": "VU#759996", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/759996"}, {"name": "ADV-2006-1398", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1398"}, {"name": "http://docs.info.apple.com/article.html?artnum=303658", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=303658"}, {"name": "102171", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0614", "datePublished": "2006-02-09T02:00:00", "dateReserved": "2006-02-09T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:jdk:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9B6F3-906D-4CCC-9655-99A1496B1475", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:5.0:update1:*:*:*:*:*:*", "matchCriteriaId": "15AFED7D-005C-4BDF-9E98-D79A5164BF86", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:5.0:update2:*:*:*:*:*:*", "matchCriteriaId": "896AD81D-C7D9-4CF4-B7E7-C4FFDF3477FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:5.0:update3:*:*:*:*:*:*", "matchCriteriaId": "AEBBA0B7-B05D-438C-BB0B-3FEE4D11D1F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C45EF9E-57AE-4EB1-B787-ECAC8353A329", "versionEndIncluding": "1.3.1_16", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*", "matchCriteriaId": "88A9881D-77F9-4872-B363-BF47977FF4E1", "versionEndIncluding": "1.4.2_8", "versionStartIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3241D774-D0F4-4529-A779-2F4F11813D18", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:5.0:update1:*:*:*:*:*:*", "matchCriteriaId": "ABE265F4-C6C3-4266-8C1C-A058C6AD06E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:5.0:update2:*:*:*:*:*:*", "matchCriteriaId": "94DC01AD-8FDB-44E0-B341-1E85CB6E11C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:5.0:update3:*:*:*:*:*:*", "matchCriteriaId": "C89AE14B-16C8-453D-9728-D8E08EAB864A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C309E8B-4C1E-47F0-A173-72D5C3E75245", "versionEndIncluding": "1.3.1_16", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "8526B561-0B12-40D1-9B40-EF2D3EA8C9C7", "versionEndIncluding": "1.4.2_08", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the \"first issue.\""}], "id": "CVE-2006-0614", "lastModified": "2018-10-04T22:11:53.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-02-09T02:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://docs.info.apple.com/article.html?artnum=303658"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/18760"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/18884"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1015596"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/759996"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0467"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0828"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2006/1398"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24561"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}