CVE-2010-0094 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2010-0094

CVE-2010-0094

April 01, 2010

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.

Related Resources (36)

http://www.zerodayinitiative.com/advisories/ZDI-10-051

http://www.redhat.com/support/errata/RHSA-2010-0383.html

http://www.vupen.com/english/advisories/2010/1454

http://www.vupen.com/english/advisories/2010/1191

http://www.securityfocus.com/archive/1/510527/100/0/threaded

http://ubuntu.com/usn/usn-923-1

http://secunia.com/advisories/43308

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

http://secunia.com/advisories/40545

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

http://secunia.com/advisories/39819

http://support.apple.com/kb/HT4171

http://www.redhat.com/support/errata/RHSA-2010-0471.html

http://www.redhat.com/support/errata/RHSA-2010-0339.html

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

http://lists.apple.com/archives/security-announce/2010//May/msg00002.html

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://lists.apple.com/archives/security-announce/2010//May/msg00001.html

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

https://access.redhat.com/security/cve/CVE-2010-0094

http://www.vupen.com/english/advisories/2010/1107

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10851

http://secunia.com/advisories/39659

http://support.apple.com/kb/HT4170

http://secunia.com/advisories/39292

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2010-0337.html

http://www.vupen.com/english/advisories/2010/1793

http://www.redhat.com/support/errata/RHSA-2010-0338.html

http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14351

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://secunia.com/advisories/39317

http://marc.info/?l=bugtraq&m=127557596201693&w=2

Do you need more information?

CVSS v4

Base Score:

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

POC

CVSS v3

Base Score:

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Exploit Maturity

FUNCTIONAL

CVSS v2

Base Score:

7.5

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

EPSS

Base Score:

88.91