CVE-2006-6736

Description

Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."

4.3

CVSS

Severity: Medium

CVSS 2.0 •

EPSS 1.36% Top 25%

Vendor Advisory redhat.com Vendor Advisory novell.com Vendor Advisory apple.com Vendor Advisory suse.com Vendor Advisory novell.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory gentoo.org Vendor Advisory gentoo.org Vendor Advisory sun.com Vendor Advisory gentoo.org

Affected: n/a n/a

References

Link	Tags
http://docs.info.apple.com/article.html?artnum=307177	third party advisory
http://secunia.com/advisories/26049	third party advisory
http://www.redhat.com/support/errata/RHSA-2007-0062.html	third party advisory vendor advisory
http://secunia.com/advisories/24099	third party advisory
http://secunia.com/advisories/25404	third party advisory
http://securitytracker.com/id?1017427	vdb entry third party advisory
http://secunia.com/advisories/24189	third party advisory
http://www.vupen.com/english/advisories/2006/5075	vdb entry permissions required
http://www.novell.com/linux/security/advisories/2007_45_java.html	third party advisory vendor advisory
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	mailing list third party advisory vendor advisory
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html	mailing list third party advisory vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9729	vdb entry third party advisory signature
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html	third party advisory
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html	third party advisory vendor advisory
http://secunia.com/advisories/26119	third party advisory
http://www.redhat.com/support/errata/RHSA-2007-0072.html	third party advisory vendor advisory
http://www.securityfocus.com/bid/21674	vdb entry third party advisory patch
http://www.vupen.com/english/advisories/2007/4224	vdb entry permissions required
http://secunia.com/advisories/23650	third party advisory
http://secunia.com/advisories/23835	third party advisory
http://www.redhat.com/support/errata/RHSA-2007-0073.html	vdb entry third party advisory vendor advisory
http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml	third party advisory vendor advisory
http://secunia.com/advisories/28115	third party advisory
http://security.gentoo.org/glsa/glsa-200702-08.xml	third party advisory vendor advisory
http://secunia.com/advisories/23398	third party advisory
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html	third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1	vendor advisory broken link
http://security.gentoo.org/glsa/glsa-200701-15.xml	third party advisory vendor advisory

Frequently Asked Questions

What is the severity of CVE-2006-6736?: CVE-2006-6736 has been scored as a medium severity vulnerability.
How to fix CVE-2006-6736?: To fix CVE-2006-6736, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-6736 being actively exploited in the wild?: It is possible that CVE-2006-6736 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.