CVE-2010-4448

2011-02-1719:00:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2010-4448

java

jre

oracle

networking

remote

untrusted

applets

vulnerability

8.1 High

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

79.1%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves “DNS cache poisoning by untrusted applets.”

CPENameOperatorVersion
sun:jresun jreeq1.6.0
sun:jdksun jdkeq1.6.0
sun:jdksun jdkeq1.5.0
sun:sdksun sdkeq1.4.2_19
sun:sdksun sdkeq1.4.2
sun:sdksun sdkle1.4.2_29
sun:sdksun sdkeq1.4.2_26
sun:sdksun sdkeq1.4.2_10
sun:sdksun sdkeq1.4.2_12
sun:sdksun sdkeq1.4.2_17

CPE	Name	Operator	Version
sun:jre	sun jre	eq	1.6.0
sun:jdk	sun jdk	eq	1.6.0
sun:jdk	sun jdk	eq	1.5.0
sun:sdk	sun sdk	eq	1.4.2_19
sun:sdk	sun sdk	eq	1.4.2
sun:sdk	sun sdk	le	1.4.2_29
sun:sdk	sun sdk	eq	1.4.2_26
sun:sdk	sun sdk	eq	1.4.2_10
sun:sdk	sun sdk	eq	1.4.2_12
sun:sdk	sun sdk	eq	1.4.2_17