Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2010-3563

Published: 19/10/2010 Updated: 19/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Sun

Vulnerability Summary

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sun jre 1.6.0

sun jre

sun jdk 1.6.0

sun jdk

Vendor Advisories

Red Hat: Critical: java-1.6.0-sun security update
Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThe Red Hat Security Response Team has rated this update as having cri ...
Cisco: MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability
MIT Kerberos contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition The vulnerability is in the GSS-API acceptor component due to lack of pointer validation  An authenticated, remote attacker could exploit the vulnerability by making a crafted request to the affected componen ...

Exploits

Exploit DB: Sun Java Web Start BasicServiceImpl - Remote Code Execution (Metasploit)
## # $Id: java_basicservice_implrb 11623 2011-01-22 00:16:57Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...
Exploit DB: Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit
This Metasploit module exploits a vulnerability in Java Runtime Environment that allows an attacker to escape the Java Sandbox By injecting a parameter into a javaws call within the BasicServiceImpl class the default java sandbox policy file can be therefore overwritten The vulnerability affects version 6 prior to update 22 NOTE: Exploiting this ...

Recent Articles

Investigation Report for the September 2014 Equation malware detection incident in the US
Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

Read more...

References

NVD-CWE-noinfohttp://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.htmlhttp://www.zerodayinitiative.com/advisories/ZDI-10-202/http://www.redhat.com/support/errata/RHSA-2010-0770.htmlhttp://support.avaya.com/css/P8/documents/100114315http://www.securityfocus.com/bid/43999http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0987.htmlhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748http://support.avaya.com/css/P8/documents/100123193http://www.redhat.com/support/errata/RHSA-2011-0880.htmlhttp://secunia.com/advisories/44954http://marc.info/?l=bugtraq&m=134254866602253&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12554https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12181https://access.redhat.com/errata/RHSA-2010:0770https://nvd.nist.govhttps://www.exploit-db.com/exploits/16495/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20100519-CVE-2010-1321
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook