CVE-2006-6745

Description

Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.

9.3

CVSS

Severity: Critical

CVSS 2.0 •

EPSS 19.22% Top 5%

Vendor Advisory hp.com Vendor Advisory redhat.com Vendor Advisory novell.com Vendor Advisory apple.com Vendor Advisory suse.com Vendor Advisory novell.com Vendor Advisory redhat.com Vendor Advisory gentoo.org Vendor Advisory sun.com Vendor Advisory bea.com Vendor Advisory gentoo.org Vendor Advisory gentoo.org Vendor Advisory securitytracker.com

Affected: n/a n/a

References

Link	Tags
http://www.securityfocus.com/bid/21673	vdb entry
http://docs.info.apple.com/article.html?artnum=307177
http://secunia.com/advisories/24468	third party advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579	vendor advisory
http://secunia.com/advisories/26049	third party advisory
http://www.redhat.com/support/errata/RHSA-2007-0062.html	vendor advisory
http://www.vupen.com/english/advisories/2007/1814	vdb entry
http://secunia.com/advisories/25283	third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9621	vdb entry signature
http://secunia.com/advisories/24099	third party advisory
http://secunia.com/advisories/25404	third party advisory
http://secunia.com/advisories/24189	third party advisory
http://www.novell.com/linux/security/advisories/2007_45_java.html	vendor advisory
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	vendor advisory
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html	vendor advisory
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html	vendor advisory
http://secunia.com/advisories/26119	third party advisory
http://secunia.com/advisories/23445	third party advisory
http://www.vupen.com/english/advisories/2007/4224	vdb entry
http://secunia.com/advisories/23650	third party advisory
http://secunia.com/advisories/23835	third party advisory
http://securitytracker.com/id?1017426	vdb entry patch vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-0073.html	vendor advisory
http://www.kb.cert.org/vuls/id/102289	third party advisory us government resource
http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml	vendor advisory
http://secunia.com/advisories/28115	third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1	vendor advisory
http://dev2dev.bea.com/pub/advisory/240	vendor advisory
http://www.vupen.com/english/advisories/2006/5074	vdb entry
http://www.vupen.com/english/advisories/2007/0936	vdb entry
http://security.gentoo.org/glsa/glsa-200702-08.xml	vendor advisory
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html
http://www.us-cert.gov/cas/techalerts/TA07-022A.html	third party advisory us government resource
http://security.gentoo.org/glsa/glsa-200701-15.xml	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2006-6745?: CVE-2006-6745 has been scored as a critical severity vulnerability.
How to fix CVE-2006-6745?: To fix CVE-2006-6745, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-6745 being actively exploited in the wild?: It is possible that CVE-2006-6745 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~19% probability that this vulnerability will be exploited by malicious actors in the next 30 days.