Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2010-0094

Published: 01/04/2010 Updated: 10/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Jre

Vulnerability Summary

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote malicious users to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sun jre 1.6.0

sun jre

sun jdk 1.6.0

sun jdk

sun jdk 1.5.0

sun jre 1.5.0

Vendor Advisories

Ubuntu Security Notice: openjdk-6 vulnerabilities
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user’s session (CVE-2009-3555) ...
Red Hat: Critical: java-1.6.0-sun security update
Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThe Red Hat Security Response Team has rated this update as having ...
Red Hat: Critical: java-1.5.0-sun security update
Synopsis Critical: java-150-sun security update Type/Severity Security Advisory: Critical Topic The java-150-sun packages as shipped in Red Hat Enterprise Linux 4 Extrasand 5 Supplementary contain security flaws and should not be usedThe Red Hat Security Response Team has rated this update as having cr ...
Red Hat: Moderate: java-1.5.0-ibm security update
Synopsis Moderate: java-150-ibm security update Type/Severity Security Advisory: Moderate Topic Updated java-150-ibm packages that fix a security issue are now availablefor Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having moderate security impact by the RedHat S ...
Red Hat: Important: java-1.6.0-openjdk security update
Synopsis Important: java-160-openjdk security update Type/Severity Security Advisory: Important Topic Updated java-160-openjdk packages that fix several security issues arenow available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as havingimportant security im ...

Exploits

Exploit DB: Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the Java Runtime Environment that allows to deserialize a MarshalledObject containing a custom classloader under a privileged context The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23 ...
Exploit DB: Java - RMIConnectionImpl Deserialization Privilege Escalation (Metasploit)
## # $Id: java_rmi_connection_implrb 10490 2010-09-27 00:09:17Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/cor ...

Github Repositories

https://github.com/SteinsGatep001/Binary

Sleep_Pwn_f1sh

$$$$$$$$$ $$$ $$$ $$$$ $$$ $$$ $$$ $$$$ $$$$$ $$$d $$$ $$$ $$$ $$$ $$$ $ $$$$$$$ f$$$ $$$ $$$$$$d $$$ $$$

Recent Articles

Investigation Report for the September 2014 Equation malware detection incident in the US
Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

Read more...
Cybercrime Raiders
Securelist • Vyacheslav Zakorzhevsky • 12 Oct 2010

The security was tight enough, but the raider knew exactly where the weak point in the system was. He had undergone special training to help him slip unnoticed through loopholes like these and infiltrate the network. The raider creates the loophole that lets others in — spies, thieves or secret agents, who then force the system to operate according to their bosses’ wishes. As long as the loophole stays open… This is not a scene from a computer game, this type of scenario is played out usin...

Read more...
Monthly Malware Statistics: August 2010
Securelist • Vyacheslav Zakorzhevsky • 01 Sep 2010

In August, there was a significant increase in exploits of the CVE-2010-2568 vulnerability. Worm.Win32.Stuxnet, which notoriously surfaced in late July, targets this vulnerability, as does the Trojan-Dropper program which installs the latest variant of the Sality virus – Virus.Win32.Sality.ag. Unsurprisingly, black hats lost no time in taking advantage of this latest vulnerability in the most commonly used version of Windows. However, on 2 August Microsoft released MS10-046 which provides a pa...

Read more...

References

NVD-CWE-noinfohttp://www.redhat.com/support/errata/RHSA-2010-0338.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0337.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0339.htmlhttp://ubuntu.com/usn/usn-923-1http://secunia.com/advisories/39292http://secunia.com/advisories/39317http://www.zerodayinitiative.com/advisories/ZDI-10-051http://www.mandriva.com/security/advisories?name=MDVSA-2010:084http://www.redhat.com/support/errata/RHSA-2010-0383.htmlhttp://secunia.com/advisories/39659http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlhttp://www.vupen.com/english/advisories/2010/1107http://support.apple.com/kb/HT4170http://support.apple.com/kb/HT4171http://lists.apple.com/archives/security-announce/2010//May/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2010//May/msg00001.htmlhttp://secunia.com/advisories/39819http://www.vupen.com/english/advisories/2010/1191http://www.redhat.com/support/errata/RHSA-2010-0471.htmlhttp://www.vupen.com/english/advisories/2010/1454http://secunia.com/advisories/40545http://www.vupen.com/english/advisories/2010/1793http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlhttp://secunia.com/advisories/43308http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlhttp://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.htmlhttp://marc.info/?l=bugtraq&m=134254866602253&w=2http://marc.info/?l=bugtraq&m=127557596201693&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14351https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10851http://www.securityfocus.com/archive/1/516397/100/0/threadedhttp://www.securityfocus.com/archive/1/510527/100/0/threadedhttps://usn.ubuntu.com/923-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/16305/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook