CVE-2010-4465

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html

http://marc.info/?l=bugtraq&m=133728004526190&w=2

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://marc.info/?l=bugtraq&m=134254957702612&w=2

http://secunia.com/advisories/43350

http://secunia.com/advisories/44954

http://secunia.com/advisories/49198

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.debian.org/security/2011/dsa-2224

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

http://www.redhat.com/support/errata/RHSA-2011-0281.html

http://www.redhat.com/support/errata/RHSA-2011-0282.html

http://www.redhat.com/support/errata/RHSA-2011-0880.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12925

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14034

Details

Source: MITRE

Published: 2011-02-17

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_23:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_23:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update27:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:* versions up to 1.4.2_29 (inclusive)

Configuration 5

OR

cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update27:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:* versions up to 1.4.2_29 (inclusive)

Tenable Plugins

View all (41 total)

IDNameProductFamilySeverity
89681VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)NessusMisc.
critical
76303GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)NessusGentoo Local Security Checks
critical
75872openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-4147)NessusSuSE Local Security Checks
critical
75541openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)NessusSuSE Local Security Checks
critical
75538openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)NessusSuSE Local Security Checks
critical
68205Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-0281)NessusOracle Linux Local Security Checks
critical
65100Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)NessusUbuntu Local Security Checks
critical
65099Ubuntu 9.10 / 10.04 LTS : openjdk-6b18 vulnerabilities (USN-1079-2)NessusUbuntu Local Security Checks
critical
64844Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) (Unix)NessusMisc.
critical
63983RHEL 5 : IBM Java Runtime (RHSA-2011:0880)NessusRed Hat Local Security Checks
critical
60964Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60963Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
57206SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7442)NessusSuSE Local Security Checks
critical
57204SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7504)NessusSuSE Local Security Checks
critical
56724GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
56665VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESXNessusVMware ESX Local Security Checks
critical
53893SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7505)NessusSuSE Local Security Checks
critical
53891SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4481)NessusSuSE Local Security Checks
critical
53883SuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12706)NessusSuSE Local Security Checks
critical
53819RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2011:0490)NessusRed Hat Local Security Checks
critical
53736openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)NessusSuSE Local Security Checks
critical
53735openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)NessusSuSE Local Security Checks
critical
53507Debian DSA-2224-1 : openjdk-6 - several vulnerabilitiesNessusDebian Local Security Checks
critical
53421CentOS 5 : java-1.6.0-openjdk (CESA-2011:0281)NessusCentOS Local Security Checks
critical
53251SuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12691)NessusSuSE Local Security Checks
critical
53235SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7388)NessusSuSE Local Security Checks
critical
53001Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:054)NessusMandriva Local Security Checks
critical
52752SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)NessusSuSE Local Security Checks
critical
52751SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109)NessusSuSE Local Security Checks
critical
52709RHEL 4 / 5 / 6 : java-1.5.0-ibm (RHSA-2011:0364)NessusRed Hat Local Security Checks
critical
52701RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357)NessusRed Hat Local Security Checks
critical
52588Mac OS X : Java for Mac OS X 10.6 Update 4NessusMacOS X Local Security Checks
high
52587Mac OS X : Java for Mac OS X 10.5 Update 9NessusMacOS X Local Security Checks
high
52498Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6 vulnerabilities (USN-1079-1)NessusUbuntu Local Security Checks
critical
52068SuSE 10 Security Update : IBM Java 1.6 (ZYPP Patch Number 7342)NessusSuSE Local Security Checks
critical
52067SuSE 11.1 Security Update : Sun Java 1.6 (SAT Patch Number 3976)NessusSuSE Local Security Checks
critical
52021RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0282)NessusRed Hat Local Security Checks
critical
52020RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0281)NessusRed Hat Local Security Checks
critical
52006Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14 (2011-1645)NessusFedora Local Security Checks
critical
52005Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631)NessusFedora Local Security Checks
critical
52002Oracle Java SE Multiple Vulnerabilities (February 2011 CPU)NessusWindows
critical