Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.1
CVSSv2

CVE-2010-3573

Published: 19/10/2010 Updated: 10/10/2018
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 515
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Subscribe to Jre

Vulnerability Summary

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote malicious users to bypass the intended security policy.

Vulnerable Product Search on Vulmon Subscribe to Product

sun jre 1.6.0

sun jre

sun jdk 1.6.0

sun jdk

sun jdk 1.5.0

sun jre 1.5.0

Vendor Advisories

Ubuntu Security Notice: openjdk-6, openjdk-6b18 vulnerabilities
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user’s session USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiati ...
Red Hat: Important: java-1.6.0-openjdk security and bug fix update
Synopsis Important: java-160-openjdk security and bug fix update Type/Severity Security Advisory: Important Topic Updated java-160-openjdk packages that fix several security issues andtwo bugs are now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as ha ...
Red Hat: Critical: java-1.4.2-ibm security update
Synopsis Critical: java-142-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-142-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4Extras, and Red Hat Enterprise Linux 5 SupplementaryThe Red Ha ...
Red Hat: Critical: java-1.6.0-sun security update
Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThe Red Hat Security Response Team has rated this update as having cri ...
Cisco: MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability
MIT Kerberos contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition The vulnerability is in the GSS-API acceptor component due to lack of pointer validation  An authenticated, remote attacker could exploit the vulnerability by making a crafted request to the affected componen ...

Exploits

Exploit DB: Oracle JRE - java.net.URLConnection class Same-of-Origin 'SOP' Policy Bypass
Description Security-Assessmentcom discovered that a Java Applet making use of javanetURLConnection class can be used to bypass same-of-origin (SOP) policy and domain based security controls in modern browsers when communication occurs between two domains that resolve to the same IP address This advisory includes a Proof-of-Concept (PoC) demo ...

References

NVD-CWE-noinfohttp://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0770.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=642202http://support.avaya.com/css/P8/documents/100114315http://support.avaya.com/css/P8/documents/100114327http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.htmlhttp://www.ubuntu.com/usn/USN-1010-1http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.htmlhttp://secunia.com/advisories/41967http://secunia.com/advisories/41972http://www.redhat.com/support/errata/RHSA-2010-0807.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0865.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0768.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0873.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0987.htmlhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748http://support.avaya.com/css/P8/documents/100123193http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlhttp://secunia.com/advisories/42974http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0880.htmlhttp://secunia.com/advisories/44954http://security.gentoo.org/glsa/glsa-201406-32.xmlhttp://marc.info/?l=bugtraq&m=134254866602253&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12220https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11990http://www.securityfocus.com/archive/1/516397/100/0/threadedhttps://nvd.nist.govhttps://usn.ubuntu.com/1010-1/https://www.exploit-db.com/exploits/15288/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20100519-CVE-2010-1321
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook