Vulnerability CVE-2010-3555

Vulnerability Name:

CVE-2010-3555 (CCN-62510)

Assigned:

2010-10-12

Published:

2010-10-12

Updated:

2017-09-19

Summary:

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Note: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

'May be vulnerable only through untrusted Java Web Start applications and Java applets.'

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Access

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

OR cpe:/a:sun:jre:*:update_21:*:*:*:*:*:* (Version <= 1.6.0)

OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 2:

cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

OR cpe:/a:sun:jdk:*:update_21:*:*:*:*:*:* (Version <= 1.6.0)

OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7729	P	p7zip-16.02-150200.14.9.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7707	P	libykcs11-1-1.6.2-4.30 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:42329	P	Security update for dwarves and elfutils (Moderate)	2022-08-01
oval:org.opensuse.security:def:20103555	V	CVE-2010-3555	2022-05-20
oval:org.opensuse.security:def:31756	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:7005	P	Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) (Important)	2021-12-14
oval:org.opensuse.security:def:31699	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:32209	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:26151	P	Security update for python3 (Moderate)	2021-10-20
oval:org.opensuse.security:def:42128	P	Security update for rpm (Important)	2021-10-15
oval:org.opensuse.security:def:6980	P	Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP1) (Important)	2021-10-14
oval:org.opensuse.security:def:31275	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:32165	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:26102	P	Security update for php72 (Important)	2021-08-06
oval:org.opensuse.security:def:32143	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31643	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:36537	P	perl-base-32bit-5.10.0-64.72.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36495	P	libtirpc-devel-0.2.1-1.7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31190	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:32104	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:31189	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:6905	P	Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP1) (Important)	2021-05-25
oval:org.opensuse.security:def:26049	P	Security update for lz4 (Important)	2021-05-14
oval:org.opensuse.security:def:26048	P	Security update for the Linux Kernel (Important)	2021-05-13
oval:org.opensuse.security:def:46358	P	java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:13238	P	java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:6886	P	Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Important)	2021-04-28
oval:org.opensuse.security:def:31607	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:7069	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Important)	2021-04-07
oval:org.opensuse.security:def:6871	P	Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important)	2021-04-07
oval:org.opensuse.security:def:26204	P	Security update for freeradius-server (Low)	2021-03-04
oval:org.opensuse.security:def:26190	P	Security update for MozillaFirefox (Low)	2021-02-10
oval:org.opensuse.security:def:31201	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:7056	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:32009	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:35697	P	findutils-4.4.0-38.26.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35813	P	python-sssd-config-1.5.11-0.9.96 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35638	P	squid-2.7.STABLE5-2.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35785	P	mono-core-2.6.7-0.7.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35721	P	java-1_6_0-ibm-1.6.0_sr9.3-0.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35746	P	libfreebl3-3.13.1-0.2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35922	P	java-1_6_0-ibm-1.6.0_sr13.1-0.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35857	P	PackageKit-0.3.14-2.28.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25284	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:31389	P	Security update for orca (Moderate)	2020-12-01
oval:org.opensuse.security:def:25814	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31943	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:25557	P	Security update for transfig (Low)	2020-12-01
oval:org.opensuse.security:def:7038	P	libgadu3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32886	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35094	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:32647	P	cyrus-imapd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31401	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:25849	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:35388	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:25472	P	Security update for apache2-mod_perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25990	P	Security update for libvpx (Moderate)	2020-12-01
oval:org.opensuse.security:def:31407	P	Security update for perl-XML-LibXML (Important)	2020-12-01
oval:org.opensuse.security:def:26921	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6778	P	libvte9 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31999	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:26686	P	dhcpcd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25484	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34998	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25757	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:31904	P	Security update for foomatic-filters (Moderate)	2020-12-01
oval:org.opensuse.security:def:25476	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:32847	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35010	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:31390	P	Security update for pam	2020-12-01
oval:org.opensuse.security:def:25698	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:6748	P	libqt4-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35331	P	Security update for minicom (Moderate)	2020-12-01
oval:org.opensuse.security:def:25951	P	Security update for pcsc-lite (Moderate)	2020-12-01
oval:org.opensuse.security:def:26886	P	ecryptfs-utils-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6756	P	libsndfile1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31843	P	Security update for cairo (Moderate)	2020-12-01
oval:org.opensuse.security:def:25273	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:31556	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:25676	P	Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31855	P	Security update for crash (Low)	2020-12-01
oval:org.opensuse.security:def:25348	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:34999	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25898	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31965	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25614	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:7047	P	libhogweed2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35230	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:32686	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31475	P	Security update for procps (Moderate)	2020-12-01
oval:org.opensuse.security:def:25902	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:35478	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26248	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25473	P	Security update for strongswan (Important)	2020-12-01
oval:org.opensuse.security:def:26004	P	Security update for shotwell (Moderate)	2020-12-01
oval:org.opensuse.security:def:25272	P	Security update for vino (Moderate)	2020-12-01
oval:org.opensuse.security:def:31499	P	Security update for python-paramiko (Important)	2020-12-01
oval:org.opensuse.security:def:6824	P	python-libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32055	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:26721	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25548	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:31799	P	Security update for SDL (Moderate)	2020-12-01
oval:org.mitre.oval:def:11320	V	Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions	2015-06-01
oval:org.mitre.oval:def:12222	V	HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities.	2015-04-20
oval:org.mitre.oval:def:22954	P	ELSA-2010:0770: java-1.6.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:23453	P	ELSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical)	2014-05-26
oval:org.mitre.oval:def:22124	P	RHSA-2010:0770: java-1.6.0-sun security update (Critical)	2014-02-24
oval:org.mitre.oval:def:22313	P	RHSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical)	2014-02-24
oval:org.mitre.oval:def:20574	V	VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	2014-01-20
oval:com.redhat.rhsa:def:20100987	P	RHSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical)	2010-12-15
oval:com.redhat.rhsa:def:20100770	P	RHSA-2010:0770: java-1.6.0-sun security update (Critical)	2010-10-14

BACK