Vulnerability CVE-2010-4466 - CERT Civis.Net

Vulnerability Name:

CVE-2010-4466 (CCN-65403)

Assigned:

2010-12-06

Published:

2011-02-15

Updated:

2018-10-30

Summary:

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2010-4466

Source: SUSE
Type: UNKNOWN
SUSE-SA:2011:024

Source: SUSE
Type: UNKNOWN
SUSE-SU-2011:0823

Source: HP
Type: UNKNOWN
HPSBMU02799

Source: HP
Type: UNKNOWN
SSRT100867

Source: CCN
Type: RHSA-2011-0282
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2011-0357
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2011-0364
Critical: java-1.5.0-ibm security update

Source: CCN
Type: RHSA-2011-0490
Critical: java-1.4.2-ibm security update

Source: CCN
Type: RHSA-2011-0870
Moderate: java-1.4.2-ibm-sap security update

Source: CCN
Type: RHSA-2011-0880
Low: Red Hat Network Satellite server IBM Java Runtime security update

Source: SECUNIA
Type: UNKNOWN
44954

Source: CCN
Type: Oracle Critical Patch Update - February 2011
Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

Source: CCN
Type: OSVDB ID: 71614
Oracle Java SE / Java for Business Deployment Java Runtime WWW-Authenticate Request Remote NTLM Hash Disclosure

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0282

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0880

Source: CCN
Type: BID-46411
Oracle Java SE and Java for Business NTLM Credentials Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
oracle-runtime-ntlm-info-disclosure(65403)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12837

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14271

Source: SUSE
Type: SUSE-SA:2011:010
Sun Java Security update

Source: SUSE
Type: SUSE-SA:2011:014
IBM Java security update

Source: SUSE
Type: SUSE-SA:2011:024
IBM Java 1.4.2 security problems

Source: SUSE
Type: SUSE-SR:2011:008
SUSE Security Summary Report

Source: CCN
Type: ZDI-11-082
Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_21:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_22:*:*:*:*:*:*

OR cpe:/a:sun:jre:*:update_23:*:*:*:*:*:* (Version <= 1.6.0)

OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 2:

cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*

OR cpe:/a:sun:jdk:*:update_23:*:*:*:*:*:* (Version <= 1.6.0)

OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

Configuration 3:

cpe:/a:sun:jdk:1.5.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update17:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update18:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update19:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update20:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update21:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update22:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update23:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update24:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update25:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update26:*:*:*:*:*:*

OR cpe:/a:sun:jdk:*:update27:*:*:*:*:*:* (Version <= 1.5.0)

OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

Configuration 4:

cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:*:*:*:*:*:*:*:* (Version <= 1.4.2_29)

Configuration 5:

cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update17:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update18:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update19:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update20:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update21:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update22:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update23:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update24:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update25:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update26:*:*:*:*:*:*

OR cpe:/a:sun:jre:*:update27:*:*:*:*:*:* (Version <= 1.5.0)

OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Configuration 6:

cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_17:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_18:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_19:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_20:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_21:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_22:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_23:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_24:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_25:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_26:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_27:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_28:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:*:*:*:*:*:*:*:* (Version <= 1.4.2_29)

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:sdk:1.4.2_29:*:*:*:*:*:*:*

AND

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20104466	V	CVE-2010-4466	2022-05-20
oval:org.mitre.oval:def:12837	V	HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities	2015-04-20
oval:org.mitre.oval:def:14271	V	Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.	2015-03-23
oval:org.mitre.oval:def:23615	P	ELSA-2011:0282: java-1.6.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:23111	P	ELSA-2011:0490: java-1.4.2-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:23570	P	ELSA-2011:0364: java-1.5.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:23592	P	ELSA-2011:0357: java-1.6.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:20962	P	RHSA-2011:0364: java-1.5.0-ibm security update (Critical)	2014-02-24
oval:org.mitre.oval:def:21622	P	RHSA-2011:0357: java-1.6.0-ibm security update (Critical)	2014-02-24
oval:org.mitre.oval:def:21690	P	RHSA-2011:0490: java-1.4.2-ibm security update (Critical)	2014-02-24
oval:org.mitre.oval:def:21859	P	RHSA-2011:0282: java-1.6.0-sun security update (Critical)	2014-02-24
oval:org.mitre.oval:def:20513	V	VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	2014-01-20
oval:com.redhat.rhsa:def:20110490	P	RHSA-2011:0490: java-1.4.2-ibm security update (Critical)	2011-05-05
oval:com.redhat.rhsa:def:20110364	P	RHSA-2011:0364: java-1.5.0-ibm security update (Critical)	2011-03-17
oval:com.redhat.rhsa:def:20110357	P	RHSA-2011:0357: java-1.6.0-ibm security update (Critical)	2011-03-16
oval:com.redhat.rhsa:def:20110282	P	RHSA-2011:0282: java-1.6.0-sun security update (Critical)	2011-02-17