Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiSami KoivuZDI-10-055
HistoryApr 05, 2010 - 12:00 a.m.

Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability

2010-04-0500:00:00
Sami Koivu
www.zerodayinitiative.com
13

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.061 Low

EPSS

Percentile

93.5%

JSON

This vulnerability allows remote attackers to violate security policies on vulnerable installations of Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must run a malicious applet. The specific flaw allows malicious applets to connect to network addresses other than the originating applet and client IPs. A handcrafted applet can override compile time checks to prevent compilation of a mutable InetAddress subclass. This results in the ability to circumvent the Applet SecurityManager restictions.

Related

securityvulns 5
veracode 1
prion 2
ubuntucve 2
cve 2
redhat 8
nessus 37
openvas 28
centos 1
oraclelinux 1
ubuntu 1
fedora 3
suse 2
gentoo 1
oracle 1
securityvulns
securityvulns
ZDI-10-055: Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability
2010-04-06 00:00:00
[USN-923-1] OpenJDK vulnerabilities
2010-04-07 00:00:00
Oracle Sun Java multiple security vulnerabilities
2010-04-07 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:45:51
prion
prion
Design/Logic Flaw
2010-04-01 16:30:00
Design/Logic Flaw
2010-04-01 16:30:00
ubuntucve
ubuntucve
CVE-2010-0093
2010-04-01 00:00:00
CVE-2010-0095
2010-04-01 00:00:00
cve
cve
CVE-2010-0093
2010-04-01 16:30:00
CVE-2010-0095
2010-04-01 16:30:00
redhat
redhat
(RHSA-2010:0130) Moderate: java-1.5.0-ibm security update
2010-03-03 00:00:00
(RHSA-2010:0339) Important: java-1.6.0-openjdk security update
2010-03-31 00:00:00
(RHSA-2010:0574) Critical: java-1.4.2-ibm security update
2010-07-29 00:00:00
nessus
nessus
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0130)
2010-03-04 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-923-1)
2010-04-09 00:00:00
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
CentOS Update for java CESA-2010:0339 centos5 i386
2011-08-09 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2010:0339-01
2010-04-06 00:00:00
Ubuntu Update for openjdk-6 vulnerabilities USN-923-1
2010-04-09 00:00:00
centos
centos
java security update
2010-06-12 15:56:24
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2010-04-08 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2010-04-07 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc13
2010-04-09 21:05:39
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-34.b17.fc11
2010-04-09 01:32:00
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc12
2010-04-09 01:28:22
suse
suse
remote code execution in java-1_6_0-ibm
2010-07-01 17:43:53
remote code execution in java-1_5_0-ibm
2010-07-06 17:26:45
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2010-06-04 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.061 Low

EPSS

Percentile

93.5%

JSON
Related for ZDI-10-055
securityvulns5veracode1prion2ubuntucve2cve2redhat8nessus37openvas28centos1oraclelinux1ubuntu1fedora3suse2gentoo1oracle1