CVE-2010-4452HIGH
Description
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
References
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://secunia.com/advisories/44954
http://securityreason.com/securityalert/8145
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html
http://www.redhat.com/support/errata/RHSA-2011-0282.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12927
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14230
Details
Source: MITRE
Published: 2011-02-17
Updated: 2017-12-22
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_23:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:*:update_23:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89681 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check) | Nessus | Misc. | critical |
| 75872 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-4147) | Nessus | SuSE Local Security Checks | critical |
| 75541 | openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1) | Nessus | SuSE Local Security Checks | critical |
| 64844 | Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) (Unix) | Nessus | Misc. | critical |
| 63983 | RHEL 5 : IBM Java Runtime (RHSA-2011:0880) | Nessus | Red Hat Local Security Checks | critical |
| 60964 | Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 56724 | GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 56665 | VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | Nessus | VMware ESX Local Security Checks | critical |
| 53736 | openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1) | Nessus | SuSE Local Security Checks | critical |
| 52752 | SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369) | Nessus | SuSE Local Security Checks | critical |
| 52751 | SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109) | Nessus | SuSE Local Security Checks | critical |
| 52701 | RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357) | Nessus | Red Hat Local Security Checks | critical |
| 52068 | SuSE 10 Security Update : IBM Java 1.6 (ZYPP Patch Number 7342) | Nessus | SuSE Local Security Checks | critical |
| 52067 | SuSE 11.1 Security Update : Sun Java 1.6 (SAT Patch Number 3976) | Nessus | SuSE Local Security Checks | critical |
| 52021 | RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0282) | Nessus | Red Hat Local Security Checks | critical |
| 52002 | Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) | Nessus | Windows | critical |