CVE-2010-3561

Severity

75%

Complexity

99%

Confidentiality

106%

Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html 'May be vulnerable only through untrusted Java Web Start applications and Java applets.'

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.

Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html 'May be vulnerable only through untrusted Java Web Start applications and Java applets.'

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Sun

First reported 14 years ago

2010-10-19 22:00:00

Last updated 6 years ago

2018-10-10 20:03:00

Affected Software

Sun JRE 1.6.0

1.6.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 10

1.6.0

Sun JRE 1.6.0 Update 11

1.6.0

Sun JRE 1.6.0 Update 12

1.6.0

Sun JRE 1.6.0 Update 13

1.6.0

Sun JRE 1.6.0 Update 14

1.6.0

Sun JRE 1.6.0 Update 15

1.6.0

Sun JRE 1.6.0 Update 16

1.6.0

Sun JRE 1.6.0 Update 17

1.6.0

Sun JRE 1.6.0 Update 18

1.6.0

Sun JRE 1.6.0 Update 19

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun JRE 1.6.0 Update 20

1.6.0

Sun JRE 1.6.0 Update 3

1.6.0

Sun JRE 1.6.0 Update 4

1.6.0

Sun JRE 1.6.0 Update 5

1.6.0

Sun JRE 1.6.0 Update 6

1.6.0

Sun JRE 1.6.0 Update 7

1.6.0

Sun JDK 1.6.0

1.6.0

Sun JDK 6 Update 1

1.6.0

Sun JDK 1.6.0_01-b06

1.6.0

Sun JDK 6 Update 2

1.6.0

Sun JDK 1.6.0 Update 10

1.6.0

Sun JDK 1.6.0 Update 11

1.6.0

Sun JDK 1.6.0 Update 12

1.6.0

Sun JDK 1.6.0 Update 13

1.6.0

Sun JDK 1.6.0 Update 14

1.6.0

Sun JDK 1.6.0 Update 15

1.6.0

Sun JDK 1.6.0 Update 16

1.6.0

Sun JDK 1.6.0 Update 17

1.6.0

Sun JDK 1.6.0 Update 18

1.6.0

Sun JDK 1.6.0 Update 19

1.6.0

Sun JDK 1.6.0 Update 20

1.6.0

Sun JDK 1.6.0 Update 3

1.6.0

Sun JDK 1.6.0 Update 4

1.6.0

Sun JDK 1.6.0 Update 5

1.6.0

Sun JDK 1.6.0 Update 6

1.6.0

Sun JDK 1.6.0 Update 7

1.6.0

Sun JDK 1.5.0

1.5.0

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update11

1.5.0

Sun JDK 5.0 Update12

1.5.0

Sun JDK 5.0 Update 13

1.5.0

Sun JDK 5.0 Update 14

1.5.0

Sun JDK 5.0 Update 15

1.5.0

Sun JDK 5.0 Update 16

1.5.0

Sun JDK 5.0 Update 17

1.5.0

Sun JDK 5.0 Update 18

1.5.0

Sun JDK 5.0 Update 19

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update 20

1.5.0

Sun JDK 5.0 Update 21

1.5.0

Sun JDK 5.0 Update 22

1.5.0

Sun JDK 5.0 Update 23

1.5.0

Sun JDK 5.0 Update 24

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 1.5.0_6

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

Sun JRE 1.5.0

1.5.0

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_12 (JRE 5.0 Update 12)

1.5.0

Sun JRE 1.5.0_13 (JRE 5.0 Update 13)

1.5.0

Sun JRE 1.5.0_14 (JRE 5.0 Update 14)

1.5.0

Sun JRE 1.5.0_15 (JRE 5.0 Update 15)

1.5.0

Sun JRE 1.5.0_16 (JRE 5.0 Update 16)

1.5.0

Sun JRE 1.5.0_17 (JRE 5.0 Update 17)

1.5.0

Sun JRE 1.5.0_18 (JRE 5.0 Update 18)

1.5.0

Sun JRE 1.5.0_19 (JRE 5.0 Update 19)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_20 (JRE 5.0 Update 20)

1.5.0

Sun JRE 1.5.0_21 (JRE 5.0 Update 21)

1.5.0

Sun JRE 1.5.0_22 (JRE 5.0 Update 22)

1.5.0

Sun JRE 1.5.0_23 (JRE 5.0 Update 23)

1.5.0

Sun JRE 1.5.0_24 (JRE 5.0 Update 24)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

1.5.0

References

SSRT100333

FEDORA-2010-16312

FEDORA-2010-16294

FEDORA-2010-16240

SUSE-SR:2010:019

HPSBMU02799

41972

Vendor Advisory

42377

Vendor Advisory

42974

Vendor Advisory

GLSA-201406-32

http://support.avaya.com/css/P8/documents/100114315

http://support.avaya.com/css/P8/documents/100114327

http://support.avaya.com/css/P8/documents/100123193

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Patch, Vendor Advisory

RHSA-2010:0768

RHSA-2010:0770

RHSA-2010:0865

20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

44013

USN-1010-1

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

ADV-2010-3086

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=639880

oval:org.mitre.oval:def:12200

oval:org.mitre.oval:def:12437

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.