CVE-2010-3565

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://secunia.com/advisories/41967

http://secunia.com/advisories/41972

http://secunia.com/advisories/42974

http://secunia.com/advisories/44954

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://support.avaya.com/css/P8/documents/100114315

http://support.avaya.com/css/P8/documents/100114327

http://support.avaya.com/css/P8/documents/100123193

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

http://www.redhat.com/support/errata/RHSA-2010-0768.html

http://www.redhat.com/support/errata/RHSA-2010-0770.html

http://www.redhat.com/support/errata/RHSA-2010-0786.html

http://www.redhat.com/support/errata/RHSA-2010-0807.html

http://www.redhat.com/support/errata/RHSA-2010-0865.html

http://www.redhat.com/support/errata/RHSA-2010-0873.html

http://www.redhat.com/support/errata/RHSA-2010-0986.html

http://www.redhat.com/support/errata/RHSA-2010-0987.html

http://www.redhat.com/support/errata/RHSA-2011-0880.html

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.securityfocus.com/bid/43985

http://www.ubuntu.com/usn/USN-1010-1

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.vupen.com/english/advisories/2010/2745

http://www.zerodayinitiative.com/advisories/ZDI-10-205/

https://bugzilla.redhat.com/show_bug.cgi?id=639920

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12180

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12294

Details

Source: MITRE

Published: 2010-10-19

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_21:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update25:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:* versions up to 1.4.2_27 (inclusive)

Configuration 5

OR

cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update25:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:* versions up to 1.4.2_27 (inclusive)

Tenable Plugins

View all (40 total)

IDNameProductFamilySeverity
89681VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)NessusMisc.
critical
89674VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)NessusMisc.
critical
76303GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)NessusGentoo Local Security Checks
critical
75540openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)NessusSuSE Local Security Checks
critical
75534openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)NessusSuSE Local Security Checks
critical
68117Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2010-0768)NessusOracle Linux Local Security Checks
critical
64843Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) (Unix)NessusMisc.
critical
63983RHEL 5 : IBM Java Runtime (RHSA-2011:0880)NessusRed Hat Local Security Checks
critical
60892Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60869Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60868Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
56724GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
56665VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESXNessusVMware ESX Local Security Checks
critical
53731openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)NessusSuSE Local Security Checks
critical
53662openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)NessusSuSE Local Security Checks
critical
51971VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESXNessusVMware ESX Local Security Checks
high
51751SuSE 10 Security Update : Sun Java 1.6.0 (ZYPP Patch Number 7204)NessusSuSE Local Security Checks
critical
51750SuSE 10 Security Update : IBM Java 6 SR9 (ZYPP Patch Number 7312)NessusSuSE Local Security Checks
critical
51667SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 3724)NessusSuSE Local Security Checks
critical
51605SuSE 11.1 Security Update : IBM Java 1.4.2 (SAT Patch Number 3528)NessusSuSE Local Security Checks
critical
51339SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 7231)NessusSuSE Local Security Checks
critical
51338SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12658)NessusSuSE Local Security Checks
critical
51197RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2010:0987)NessusRed Hat Local Security Checks
critical
50968SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 7205)NessusSuSE Local Security Checks
critical
50919SuSE 11 / 11.1 Security Update : Java 1.6.0 (SAT Patch Numbers 3347 / 3349)NessusSuSE Local Security Checks
critical
50854SuSE9 Security Update : IBM Java 5 JRE and SDK (YOU Patch Number 12659)NessusSuSE Local Security Checks
critical
50641RHEL 6 : java-1.5.0-ibm (RHSA-2010:0873)NessusRed Hat Local Security Checks
critical
50637RHEL 6 : java-1.6.0-openjdk (RHSA-2010:0865)NessusRed Hat Local Security Checks
critical
50410Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1010-1)NessusUbuntu Local Security Checks
critical
50360RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0807)NessusRed Hat Local Security Checks
critical
50299openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)NessusSuSE Local Security Checks
critical
50298openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)NessusSuSE Local Security Checks
critical
50295Fedora 12 : java-1.6.0-openjdk-1.6.0.0-41.1.8.2.fc12 (2010-16240)NessusFedora Local Security Checks
critical
50078RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0786)NessusRed Hat Local Security Checks
critical
50035Fedora 13 : java-1.6.0-openjdk-1.6.0.0-43.1.8.2.fc13 (2010-16294)NessusFedora Local Security Checks
critical
50007Fedora 14 : java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14 (2010-16312)NessusFedora Local Security Checks
critical
50003CentOS 5 : java-1.6.0-openjdk (CESA-2010:0768)NessusCentOS Local Security Checks
critical
49996Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)NessusWindows
critical
49990RHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0770)NessusRed Hat Local Security Checks
critical
49974RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0768)NessusRed Hat Local Security Checks
critical