Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-0094
HistoryApr 01, 2010 - 4:30 p.m.

CVE-2010-0094

2010-04-0116:30:00
NVD-CWE-noinfo
[email protected]
web.nvd.nist.gov
50
cve-2010-0094
java
oracle
vulnerability
remote attackers
confidentiality
integrity
availability
deserialization
rmiconnectionimpl

5.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.937 High

EPSS

Percentile

99.1%

JSON

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.

References

Related

canvas 1
symantec 1
veracode 1
metasploit 1
seebug 1
packetstorm 1
ubuntucve 1
securityvulns 5
prion 1
zdi 1
exploitdb 1
checkpoint_advisories 1
redhat 6
nessus 33
openvas 28
centos 1
oraclelinux 1
ubuntu 1
fedora 3
securelist 1
suse 2
gentoo 1
oracle 1
canvas
canvas
Immunity Canvas: JAVA_DESERIALIZE2
2010-04-01 16:30:00
symantec
symantec
Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability
2010-03-30 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:45:51
metasploit
metasploit
Java RMIConnectionImpl Deserialization Privilege Escalation
2010-09-08 08:20:55
seebug
seebug
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
2014-07-01 00:00:00
packetstorm
packetstorm
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
2010-09-09 00:00:00
ubuntucve
ubuntucve
CVE-2010-0094
2010-04-01 00:00:00
securityvulns
securityvulns
ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability
2010-04-06 00:00:00
[USN-923-1] OpenJDK vulnerabilities
2010-04-07 00:00:00
Oracle Sun Java multiple security vulnerabilities
2010-04-07 00:00:00
prion
prion
Deserialization of untrusted data
2010-04-01 16:30:00
zdi
zdi
Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability
2010-04-05 00:00:00
exploitdb
exploitdb
Java - RMIConnectionImpl Deserialization Privilege Escalation (Metasploit)
2010-09-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Java Signed Applet (CVE-2008-5353; CVE-2010-0094; CVE-2010-0840)
2011-11-01 00:00:00
redhat
redhat
(RHSA-2010:0130) Moderate: java-1.5.0-ibm security update
2010-03-03 00:00:00
(RHSA-2010:0339) Important: java-1.6.0-openjdk security update
2010-03-31 00:00:00
(RHSA-2010:0383) Critical: java-1.6.0-ibm security update
2010-04-29 00:00:00
nessus
nessus
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0130)
2010-03-04 00:00:00
Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2010-0339)
2013-07-12 00:00:00
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
RedHat Update for java-1.6.0-openjdk RHSA-2010:0339-01
2010-04-06 00:00:00
Ubuntu Update for openjdk-6 vulnerabilities USN-923-1
2010-04-09 00:00:00
CentOS Update for java CESA-2010:0339 centos5 i386
2011-08-09 00:00:00
centos
centos
java security update
2010-06-12 15:56:24
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2010-04-08 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2010-04-07 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc13
2010-04-09 21:05:39
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-34.b17.fc11
2010-04-09 01:32:00
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc12
2010-04-09 01:28:22
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34
suse
suse
remote code execution in java-1_6_0-ibm
2010-07-01 17:43:53
remote code execution in java-1_5_0-ibm
2010-07-06 17:26:45
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2010-06-04 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00

5.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.937 High

EPSS

Percentile

99.1%

JSON
Related for CVE-2010-0094
canvas1symantec1veracode1metasploit1seebug1packetstorm1ubuntucve1securityvulns5prion1zdi1exploitdb1checkpoint_advisories1redhat6nessus33openvas28centos1oraclelinux1ubuntu1fedora3securelist1suse2gentoo1oracle1