Vulnerability Name: | CVE-2010-3564 (CCN-62461)
Assigned: | 2010-10-12
Published: | 2010-10-12
Updated: | 2017-09-19
Summary: | Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. Note: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM. Note: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.
CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-noinfo
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2010-3564
Source: HP Type: UNKNOWN SSRT100333
Source: FEDORA Type: UNKNOWN FEDORA-2010-16312
Source: FEDORA Type: UNKNOWN FEDORA-2010-16294
Source: FEDORA Type: UNKNOWN FEDORA-2010-16240
Source: CCN Type: RHSA-2010-0768 Important: java-1.6.0-openjdk security and bug fix update
Source: CCN Type: RHSA-2010-0865 Important: java-1.6.0-openjdk security and bug fix update
Source: CCN Type: SA41831 Oracle Communications Messaging Server Webmail Unspecified Vulnerability
Source: SECUNIA Type: Vendor Advisory 41972
Source: CCN Type: SA42377 Hitachi Products Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 42377
Source: GENTOO Type: UNKNOWN GLSA-201406-32
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/css/P8/documents/100114327
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/css/P8/documents/100123193
Source: CONFIRM Type: UNKNOWN http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
Source: CCN Type: Oracle Critical Patch Update Advisory - October 2010 Oracle Critical Patch Update Advisory - October 2010
Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Source: CCN Type: OSVDB ID: 70072 Oracle Communications Messaging Server Webmail Kerberos AP-REQ Remote DoS
Source: REDHAT Type: UNKNOWN RHSA-2010:0768
Source: REDHAT Type: UNKNOWN RHSA-2010:0865
Source: BID Type: UNKNOWN 43963
Source: CCN Type: BID-43963 Oracle Communications Messaging Server CVE-2010-3564 Webmail Remote Vulnerability
Source: UBUNTU Type: UNKNOWN USN-1010-1
Source: CERT Type: US Government Resource TA10-287A
Source: VUPEN Type: Vendor Advisory ADV-2010-3086
Source: XF Type: UNKNOWN osps-mserver-webmail-unspec(62461)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:12398
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration CCN 1: Denotes that component is vulnerable