CVE-2010-0840

Severity

75%

Complexity

99%

Confidentiality

106%

Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html 'Affected product releases and versions: • Java SE: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux • JDK 5.0 Update 23 and earlier for Solaris • SDK 1.4.2_25 and earlier for Solaris • Java for Business: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux • JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux • SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html 'Affected product releases and versions: • Java SE: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux • JDK 5.0 Update 23 and earlier for Solaris • SDK 1.4.2_25 and earlier for Solaris • Java for Business: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux • JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux • SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 15 years ago

2010-04-01 16:30:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Sun JRE 1.6.0

1.6.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 10

1.6.0

Sun JRE 1.6.0 Update 11

1.6.0

Sun JRE 1.6.0 Update 12

1.6.0

Sun JRE 1.6.0 Update 13

1.6.0

Sun JRE 1.6.0 Update 14

1.6.0

Sun JRE 1.6.0 Update 15

1.6.0

Sun JRE 1.6.0 Update 16

1.6.0

Sun JRE 1.6.0 Update 17

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun JRE 1.6.0 Update 3

1.6.0

Sun JRE 1.6.0 Update 4

1.6.0

Sun JRE 1.6.0 Update 5

1.6.0

Sun JRE 1.6.0 Update 6

1.6.0

Sun JRE 1.6.0 Update 7

1.6.0

Sun JDK 1.6.0

1.6.0

Sun JDK 6 Update 1

1.6.0

Sun JDK 1.6.0_01-b06

1.6.0

Sun JDK 6 Update 2

1.6.0

Sun JDK 1.6.0 Update 10

1.6.0

Sun JDK 1.6.0 Update 11

1.6.0

Sun JDK 1.6.0 Update 12

1.6.0

Sun JDK 1.6.0 Update 13

1.6.0

Sun JDK 1.6.0 Update 14

1.6.0

Sun JDK 1.6.0 Update 15

1.6.0

Sun JDK 1.6.0 Update 16

1.6.0

Sun JDK 1.6.0 Update 17

1.6.0

Sun JDK 1.6.0 Update 3

1.6.0

Sun JDK 1.6.0 Update 4

1.6.0

Sun JDK 1.6.0 Update 5

1.6.0

Sun JDK 1.6.0 Update 6

1.6.0

Sun JDK 1.6.0 Update 7

1.6.0

Sun JDK 1.5.0

1.5.0

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update11

1.5.0

Sun JDK 5.0 Update12

1.5.0

Sun JDK 5.0 Update 13

1.5.0

Sun JDK 5.0 Update 14

1.5.0

Sun JDK 5.0 Update 15

1.5.0

Sun JDK 5.0 Update 16

1.5.0

Sun JDK 5.0 Update 17

1.5.0

Sun JDK 5.0 Update 18

1.5.0

Sun JDK 5.0 Update 19

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update 20

1.5.0

Sun JDK 5.0 Update 21

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 1.5.0_6

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

SDK 1.4.2

1.4.2

Sun SDK 1.4.2_1

1.4.2_1

SDK 1.4.2_02

1.4.2_02

Sun SDK 1.4.2_3

1.4.2_3

Sun SDK 1.4.2_4

1.4.2_4

Sun SDK 1.4.2_5

1.4.2_5

Sun SDK 1.4.2_6

1.4.2_6

Sun SDK 1.4.2_7

1.4.2_7

Sun SDK 1.4.2_8

1.4.2_8

Sun SDK 1.4.2_9

1.4.2_9

Sun SDK 1.4.2_10

1.4.2_10

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

Sun SDK 1.4.2_13

1.4.2_13

Sun SDK 1.4.2_14

1.4.2_14

Sun SDK 1.4.2_15

1.4.2_15

Sun SDK 1.4.2_16

1.4.2_16

Sun SDK1.4.2_17

1.4.2_17

Sun SDK1.4.2_18

1.4.2_18

Sun SDK 1.4.2_19

1.4.2_19

Sun SDK 1.4.2_20

1.4.2_20

Sun SDK 1.4.2_21

1.4.2_21

SDK 1.4.2_22

1.4.2_22

Sun SDK 1.4.2_23

1.4.2_23

Sun SDK 1.4.2_24

1.4.2_24

Sun SDK

Sun JRE 1.5.0

1.5.0

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_12 (JRE 5.0 Update 12)

1.5.0

Sun JRE 1.5.0_13 (JRE 5.0 Update 13)

1.5.0

Sun JRE 1.5.0_14 (JRE 5.0 Update 14)

1.5.0

Sun JRE 1.5.0_15 (JRE 5.0 Update 15)

1.5.0

Sun JRE 1.5.0_16 (JRE 5.0 Update 16)

1.5.0

Sun JRE 1.5.0_17 (JRE 5.0 Update 17)

1.5.0

Sun JRE 1.5.0_18 (JRE 5.0 Update 18)

1.5.0

Sun JRE 1.5.0_19 (JRE 5.0 Update 19)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_20 (JRE 5.0 Update 20)

1.5.0

Sun JRE 1.5.0_21 (JRE 5.0 Update 21)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

1.5.0

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_2

1.4.2_2

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_4

1.4.2_4

Sun JRE 1.4.2_5

1.4.2_5

Sun JRE 1.4.2_6

1.4.2_6

Sun JRE 1.4.2_7

1.4.2_7

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.4.2_15

1.4.2_15

Sun JRE 1.4.2_16

1.4.2_16

Sun JRE 1.4.2_17

1.4.2_17

Sun JRE 1.4.2_18

1.4.2_18

Sun JRE 1.4.2_19

1.4.2_19

Sun JRE 1.4.2_20

1.4.2_20

Sun JRE 1.4.2_21

1.4.2_21

Sun JRE 1.4.2_22

1.4.2_22

Sun JRE 1.4.2_23

1.4.2_23

Sun JRE 1.4.2_24

1.4.2_24

Sun JRE

References

SSRT100179

APPLE-SA-2010-05-18-1

APPLE-SA-2010-05-18-2

SUSE-SR:2010:008

SUSE-SR:2010:011

SUSE-SR:2010:017

SSRT100089

HPSBMU02799

39292

Vendor Advisory

39317

Vendor Advisory

39659

Vendor Advisory

39819

Vendor Advisory

40211

Vendor Advisory

40545

Vendor Advisory

43308

Vendor Advisory

http://support.apple.com/kb/HT4170

http://support.apple.com/kb/HT4171

USN-923-1

MDVSA-2010:084

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html

RHSA-2010:0337

RHSA-2010:0338

RHSA-2010:0339

RHSA-2010:0383

RHSA-2010:0471

RHSA-2010:0489

20100405 ZDI-10-056: Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability

20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

39065

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

ADV-2010-1107

ADV-2010-1191

Vendor Advisory

ADV-2010-1454

Vendor Advisory

ADV-2010-1523

Vendor Advisory

ADV-2010-1793

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-10-056

oval:org.mitre.oval:def:13971

oval:org.mitre.oval:def:9974

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.