CVE-2010-4470

MEDIUM

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://marc.info/?l=bugtraq&m=134254957702612&w=2

http://secunia.com/advisories/43350

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.debian.org/security/2011/dsa-2224

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

http://www.redhat.com/support/errata/RHSA-2011-0281.html

http://www.redhat.com/support/errata/RHSA-2011-0282.html

http://www.securityfocus.com/bid/46387

https://exchange.xforce.ibmcloud.com/vulnerabilities/65404

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12887

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14076

Details

Source: MITRE

Published: 2011-02-17

Updated: 2017-12-22

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_23:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_23:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
89681 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check) | Nessus | Misc. | critical
76303 | GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT) | Nessus | Gentoo Local Security Checks | critical
75872 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-4147) | Nessus | SuSE Local Security Checks | critical
75541 | openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1) | Nessus | SuSE Local Security Checks | critical
75538 | openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1) | Nessus | SuSE Local Security Checks | critical
68205 | Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-0281) | Nessus | Oracle Linux Local Security Checks | critical
65100 | Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3) | Nessus | Ubuntu Local Security Checks | critical
65099 | Ubuntu 9.10 / 10.04 LTS : openjdk-6b18 vulnerabilities (USN-1079-2) | Nessus | Ubuntu Local Security Checks | critical
64844 | Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) (Unix) | Nessus | Misc. | critical
60964 | Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
60963 | Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
59684 | HP Systems Insight Manager < 7.0 Multiple Vulnerabilities | Nessus | Windows | critical
56724 | GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical
56665 | VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | Nessus | VMware ESX Local Security Checks | critical
53736 | openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1) | Nessus | SuSE Local Security Checks | critical
53735 | openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1) | Nessus | SuSE Local Security Checks | critical
53507 | Debian DSA-2224-1 : openjdk-6 - several vulnerabilities | Nessus | Debian Local Security Checks | critical
53421 | CentOS 5 : java-1.6.0-openjdk (CESA-2011:0281) | Nessus | CentOS Local Security Checks | critical
53001 | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:054) | Nessus | Mandriva Local Security Checks | critical
52588 | Mac OS X : Java for Mac OS X 10.6 Update 4 | Nessus | MacOS X Local Security Checks | high
52587 | Mac OS X : Java for Mac OS X 10.5 Update 9 | Nessus | MacOS X Local Security Checks | high
52498 | Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6 vulnerabilities (USN-1079-1) | Nessus | Ubuntu Local Security Checks | critical
52068 | SuSE 10 Security Update : IBM Java 1.6 (ZYPP Patch Number 7342) | Nessus | SuSE Local Security Checks | critical
52067 | SuSE 11.1 Security Update : Sun Java 1.6 (SAT Patch Number 3976) | Nessus | SuSE Local Security Checks | critical
52021 | RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0282) | Nessus | Red Hat Local Security Checks | critical
52020 | RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0281) | Nessus | Red Hat Local Security Checks | critical
52006 | Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14 (2011-1645) | Nessus | Fedora Local Security Checks | critical
52005 | Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631) | Nessus | Fedora Local Security Checks | critical
52002 | Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) | Nessus | Windows | critical