CVE-2010-4450

2011-02-1719:00:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2010-4450

oracle

java se

java for business

vulnerability

jre

solaris

linux

confidentiality

integrity

availability

untrusted search path

7.9 High

AI Score

Confidence

High

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.0%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.

CPENameOperatorVersion
sun:jresun jreeq1.6.0
sun:jdksun jdkeq1.6.0
sun:jdksun jdkeq1.5.0
sun:sdksun sdkeq1.4.2_19
sun:sdksun sdkeq1.4.2
sun:sdksun sdkle1.4.2_29
sun:sdksun sdkeq1.4.2_26
sun:sdksun sdkeq1.4.2_10
sun:sdksun sdkeq1.4.2_12
sun:sdksun sdkeq1.4.2_17

CPE	Name	Operator	Version
sun:jre	sun jre	eq	1.6.0
sun:jdk	sun jdk	eq	1.6.0
sun:jdk	sun jdk	eq	1.5.0
sun:sdk	sun sdk	eq	1.4.2_19
sun:sdk	sun sdk	eq	1.4.2
sun:sdk	sun sdk	le	1.4.2_29
sun:sdk	sun sdk	eq	1.4.2_26
sun:sdk	sun sdk	eq	1.4.2_10
sun:sdk	sun sdk	eq	1.4.2_12
sun:sdk	sun sdk	eq	1.4.2_17