CVE-2010-3541

critical

Description

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14354

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12491

https://bugzilla.redhat.com/show_bug.cgi?id=642202

http://www.vupen.com/english/advisories/2010/2745

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.ubuntu.com/usn/USN-1010-1

http://www.securityfocus.com/bid/44032

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2011-0880.html

http://www.redhat.com/support/errata/RHSA-2010-0987.html

http://www.redhat.com/support/errata/RHSA-2010-0986.html

http://www.redhat.com/support/errata/RHSA-2010-0873.html

http://www.redhat.com/support/errata/RHSA-2010-0865.html

http://www.redhat.com/support/errata/RHSA-2010-0807.html

http://www.redhat.com/support/errata/RHSA-2010-0786.html

http://www.redhat.com/support/errata/RHSA-2010-0770.html

http://www.redhat.com/support/errata/RHSA-2010-0768.html

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

http://support.avaya.com/css/P8/documents/100123193

http://support.avaya.com/css/P8/documents/100114327

http://support.avaya.com/css/P8/documents/100114315

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://secunia.com/advisories/44954

http://secunia.com/advisories/42974

http://secunia.com/advisories/41972

http://secunia.com/advisories/41967

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748

Details

Source: Mitre, NVD

Published: 2010-10-19

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical