Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2010-3561
HistoryOct 19, 2010 - 12:00 a.m.

CVE-2010-3561

2010-10-1900:00:00
ubuntu.com
ubuntu.com
11

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

JSON

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java
for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to
affect confidentiality, integrity, and availability via unknown vectors.
NOTE: the previous information was obtained from the October 2010 CPU.
Oracle has not commented on claims from a reliable downstream vendor that
this involves the use of the privileged accept method in the ServerSocket
class, which does not limit which hosts can connect and allows remote
attackers to bypass intended network access restrictions.

Notes

Author Note
sbeattie red hat description: The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions.
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchopenjdk-6< 1.8.2-4ubuntu1~8.04.1UNKNOWN
ubuntu9.04noarchopenjdk-6< 1.8.2-4ubuntu1~9.04.1UNKNOWN
ubuntu9.10noarchopenjdk-6< 1.8.2-4ubuntu1~9.10.1UNKNOWN
ubuntu10.04noarchopenjdk-6< 1.8.2-4ubuntu2UNKNOWN
ubuntu10.10noarchopenjdk-6< 6b20-1.9.1-1ubuntu3UNKNOWN
ubuntu10.10noarchopenjdk-6b18< 6b18-1.8.2-4ubuntu1UNKNOWN
ubuntu8.04noarchsun-java6< 6.22-0ubuntu1~8.04.1UNKNOWN
ubuntu9.04noarchsun-java6< 6.22-0ubuntu1~9.04.1UNKNOWN
ubuntu9.10noarchsun-java6< 6.22-0ubuntu1~9.10.1UNKNOWN
ubuntu10.04noarchsun-java6< 6.22-0ubuntu1~10.04UNKNOWN
Rows per page:
1-10 of 111

Related

cve 1
prion 1
veracode 1
nessus 28
fedora 3
oraclelinux 1
redhat 3
openvas 24
centos 1
ubuntu 1
cisco 1
vmware 2
gentoo 2
oracle 1
cve
cve
CVE-2010-3561
2010-10-19 22:00:00
prion
prion
Design/Logic Flaw
2010-10-19 22:00:00
veracode
veracode
Authorization Bypass
2020-04-10 00:53:27
nessus
nessus
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64
2012-08-01 00:00:00
Fedora 12 : java-1.6.0-openjdk-1.6.0.0-41.1.8.2.fc12 (2010-16240)
2010-10-22 00:00:00
Fedora 14 : java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14 (2010-16312)
2010-10-18 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-41.1.8.2.fc12
2010-10-21 06:04:44
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14
2010-10-18 05:38:07
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-43.1.8.2.fc13
2010-10-19 07:04:11
oraclelinux
oraclelinux
java-1.6.0-openjdk security and bug fix update
2010-10-13 00:00:00
redhat
redhat
(RHSA-2010:0865) Important: java-1.6.0-openjdk security and bug fix update
2010-11-10 00:00:00
(RHSA-2010:0768) Important: java-1.6.0-openjdk security and bug fix update
2010-10-13 00:00:00
(RHSA-2010:0770) Critical: java-1.6.0-sun security update
2010-10-14 00:00:00
openvas
openvas
Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240
2010-10-22 00:00:00
Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294
2010-10-22 00:00:00
Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240
2010-10-22 00:00:00
centos
centos
java security update
2010-10-14 10:59:21
ubuntu
ubuntu
OpenJDK vulnerabilities
2010-10-28 00:00:00
cisco
cisco
MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability
2010-05-19 15:40:37
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2011
2011-01-18 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

JSON
Related for UB:CVE-2010-3561
cve1prion1veracode1nessus28fedora3oraclelinux1redhat3openvas24centos1ubuntu1cisco1vmware2gentoo2oracle1