CVE-2010-0094HIGH
Description
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.
References
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://marc.info/?l=bugtraq&m=127557596201693&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://secunia.com/advisories/39292
http://secunia.com/advisories/39317
http://secunia.com/advisories/39659
http://secunia.com/advisories/39819
http://secunia.com/advisories/40545
http://secunia.com/advisories/43308
http://support.apple.com/kb/HT4170
http://support.apple.com/kb/HT4171
http://ubuntu.com/usn/usn-923-1
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
http://www.redhat.com/support/errata/RHSA-2010-0337.html
http://www.redhat.com/support/errata/RHSA-2010-0338.html
http://www.redhat.com/support/errata/RHSA-2010-0339.html
http://www.redhat.com/support/errata/RHSA-2010-0383.html
http://www.redhat.com/support/errata/RHSA-2010-0471.html
http://www.securityfocus.com/archive/1/510527/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/1191
http://www.vupen.com/english/advisories/2010/1454
http://www.vupen.com/english/advisories/2010/1793
http://www.zerodayinitiative.com/advisories/ZDI-10-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10851
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14351
Details
Source: MITRE
Published: 2010-04-01
Updated: 2018-10-10
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_18:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:*:update_18:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:*:update23:*:*:*:*:*:* versions up to 1.5.0 (inclusive)
cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
Configuration 4
OR
cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update23:*:*:*:*:*:* versions up to 1.5.0 (inclusive)
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89674 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) | Nessus | Misc. | critical |
| 68028 | Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2010-0339) | Nessus | Oracle Linux Local Security Checks | high |
| 64842 | Oracle Java SE Multiple Vulnerabilities (March 2010 CPU) (Unix) | Nessus | Misc. | high |
| 60777 | Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60776 | Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 51971 | VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | Nessus | VMware ESX Local Security Checks | critical |
| 51606 | SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 2553) | Nessus | SuSE Local Security Checks | high |
| 50917 | SuSE 11 Security Update : Sun Java 6 (SAT Patch Number 2225) | Nessus | SuSE Local Security Checks | high |
| 50916 | SuSE 11 Security Update : IBM Java 6 (SAT Patch Number 2548) | Nessus | SuSE Local Security Checks | high |
| 49864 | SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 7077) | Nessus | SuSE Local Security Checks | high |
| 47617 | SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12623) | Nessus | SuSE Local Security Checks | high |
| 47426 | Fedora 13 : java-1.6.0-openjdk-1.6.0.0-37.b17.fc13 (2010-6279) | Nessus | Fedora Local Security Checks | high |
| 47411 | Fedora 11 : java-1.6.0-openjdk-1.6.0.0-34.b17.fc11 (2010-6039) | Nessus | Fedora Local Security Checks | high |
| 47410 | Fedora 12 : java-1.6.0-openjdk-1.6.0.0-37.b17.fc12 (2010-6025) | Nessus | Fedora Local Security Checks | high |
| 47017 | RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0471) | Nessus | Red Hat Local Security Checks | high |
| 46873 | CentOS 5 : java-1.6.0-openjdk (CESA-2010:0339) | Nessus | CentOS Local Security Checks | high |
| 46807 | GLSA-201006-18 : Oracle JRE/JDK: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 46674 | Mac OS X : Java for Mac OS X 10.6 Update 2 | Nessus | MacOS X Local Security Checks | high |
| 46673 | Mac OS X : Java for Mac OS X 10.5 Update 7 | Nessus | MacOS X Local Security Checks | high |
| 46304 | RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2010:0383) | Nessus | Red Hat Local Security Checks | high |
| 46295 | RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0339) | Nessus | Red Hat Local Security Checks | high |
| 46294 | RHEL 4 / 5 : java-1.5.0-sun (RHSA-2010:0338) | Nessus | Red Hat Local Security Checks | high |
| 46293 | RHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0337) | Nessus | Red Hat Local Security Checks | high |
| 46191 | openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1) | Nessus | SuSE Local Security Checks | high |
| 46189 | openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1) | Nessus | SuSE Local Security Checks | high |
| 46187 | openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1) | Nessus | SuSE Local Security Checks | high |
| 46176 | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084) | Nessus | Mandriva Local Security Checks | high |
| 45474 | Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-923-1) | Nessus | Ubuntu Local Security Checks | high |
| 45465 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228) | Nessus | SuSE Local Security Checks | high |
| 45459 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228) | Nessus | SuSE Local Security Checks | high |
| 45454 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228) | Nessus | SuSE Local Security Checks | high |
| 45379 | Oracle Java SE Multiple Vulnerabilities (March 2010 CPU) | Nessus | Windows | high |
| 44974 | RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0130) | Nessus | Red Hat Local Security Checks | high |