Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applets outbound connections by connecting to certain localhost services running on the machine that loaded the applet.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jdk | Sun | * | 1.5.0 (including) |
| Jdk | Sun | * | 1.6.0 (including) |
| Jre | Sun | * | 1.5.0 (including) |
| Jre | Sun | * | 1.6.0 (including) |
| Sdk | Sun | * | 1.4.2_14 (including) |
| Extras for RHEL 4 | RedHat | java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4 | * |
| Extras for RHEL 4 | RedHat | java-1.5.0-ibm-1:1.5.0.5-1jpp.2.el4 | * |
| Red Hat Enterprise Linux 2.1 | RedHat | IBMJava2-JRE-1:1.3.1-17 | * |
| Red Hat Enterprise Linux 2.1 | RedHat | IBMJava2-SDK-1:1.3.1-17 | * |
| Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.5.0-ibm-1:1.5.0.5-1jpp.0.1.el5 | * |
| Sun-java5 | Ubuntu | dapper | * |
| Sun-java5 | Ubuntu | edgy | * |
| Sun-java5 | Ubuntu | feisty | * |