Lucene search

[email protected]CVE-2010-3561

HistoryOct 19, 2010 - 10:00 p.m.

CVE-2010-3561

2010-10-1922:00:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2010-3561

oracle

java

vulnerability

corba

remote attackers

confidentiality

integrity

availability

serversocket

cpu

8.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

JSON

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.

CPENameOperatorVersion
sun:jresun jreeq1.6.0
sun:jdksun jdkeq1.6.0
sun:jdksun jdkeq1.5.0
sun:jresun jreeq1.5.0

CPE	Name	Operator	Version
sun:jre	sun jre	eq	1.6.0
sun:jdk	sun jdk	eq	1.6.0
sun:jdk	sun jdk	eq	1.5.0
sun:jre	sun jre	eq	1.5.0

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748

lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

marc.info/?l=bugtraq&m=134254866602253&w=2

secunia.com/advisories/41972

secunia.com/advisories/42377

secunia.com/advisories/42974

security.gentoo.org/glsa/glsa-201406-32.xml

support.avaya.com/css/P8/documents/100114315

support.avaya.com/css/P8/documents/100114327

support.avaya.com/css/P8/documents/100123193

www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html

www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

www.redhat.com/support/errata/RHSA-2010-0768.html

www.redhat.com/support/errata/RHSA-2010-0770.html

www.redhat.com/support/errata/RHSA-2010-0865.html

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/44013

www.ubuntu.com/usn/USN-1010-1

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vupen.com/english/advisories/2010/3086

bugzilla.redhat.com/show_bug.cgi?id=639880

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12200

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12437

8.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2010-3561

ubuntucve1 prion1 veracode1 nessus28 openvas24 centos1 fedora3 redhat3 oraclelinux1 ubuntu1 cisco1 vmware2 gentoo2 oracle1