* Michel Messerschmidt:

> http://idssi.enyo.de/tracker/CVE-2006-2426 currently states that no
> fixed Sun Java packages exist and lists even version 1.5.0-08-1 as
> vulnerable.
>
> I think this is wrong because CVE-2006-2426 mentions only
> vulnerabilities in Java up to 1.5.0_06.

This is not the way CVE works. It presents confirmed data; the version ranges aren't necessarily exact, they can be a subset of the actually affected versions. I could not find any confirmation that the bug has indeed been fixed in subsequent versions. Have you tested the exploit against a more recent version?