Lucene search

[email protected]CVE-2010-4471

HistoryFeb 17, 2011 - 7:00 p.m.

CVE-2010-4471

2011-02-1719:00:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2010-4471

java

oracle

jre

vulnerability

remote

untrusted applications

confidentiality

java web start

applets

system properties

nvd

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.2%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.

CPENameOperatorVersion
sun:jresun jreeq1.6.0
sun:jdksun jdkeq1.6.0
sun:jdksun jdkeq1.5.0
sun:jresun jreeq1.5.0

CPE	Name	Operator	Version
sun:jre	sun jre	eq	1.6.0
sun:jdk	sun jdk	eq	1.6.0
sun:jdk	sun jdk	eq	1.5.0
sun:jre	sun jre	eq	1.5.0

References

lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html

lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html

marc.info/?l=bugtraq&m=134254866602253&w=2

marc.info/?l=bugtraq&m=134254957702612&w=2

secunia.com/advisories/43350

secunia.com/advisories/44954

security.gentoo.org/glsa/glsa-201406-32.xml

www.debian.org/security/2011/dsa-2224

www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html

www.mandriva.com/security/advisories?name=MDVSA-2011:054

www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

www.redhat.com/support/errata/RHSA-2011-0282.html

www.redhat.com/support/errata/RHSA-2011-0880.html

www.securityfocus.com/bid/46399

exchange.xforce.ibmcloud.com/vulnerabilities/65405

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12089

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14417

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.2%

JSON

Related for CVE-2010-4471

veracode1 prion1 ubuntucve1 openvas39 nessus32 ubuntu3 osv1 debian1 fedora6 redhat4 suse2 securityvulns1 vmware2 oracle1 gentoo2