Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-1423
HistoryApr 15, 2010 - 12:00 a.m.

CVE-2010-1423

2010-04-1500:00:00
ubuntu.com
ubuntu.com
15

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.931

Percentile

99.1%

Argument injection vulnerability in the URI handler in (a) Java NPAPI
plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other
versions, when running on Windows and possibly on Linux, allows remote
attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm
argument to javaws.exe, which is processed by the launch method. NOTE:
some of these details are obtained from third party information.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchsun-java6< 6.20dlj-0ubuntu1.8.04UNKNOWN
ubuntu9.04noarchsun-java6< 6.20dlj-0ubuntu1.9.04UNKNOWN
ubuntu9.10noarchsun-java6< 6.20dlj-0ubuntu1.9.10UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.931

Percentile

99.1%