Vulnerabilities > CVE-2010-4452 - Unspecified vulnerability in SUN JDK and JRE
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 45 |
Exploit-Db
| description | Sun Java Applet2ClassLoader Remote Code Execution Exploit. CVE-2010-4452. Remote exploits for multiple platform |
| id | EDB-ID:16990 |
| last seen | 2016-02-02 |
| modified | 2011-03-16 |
| published | 2011-03-16 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16990/ |
| title | Sun Java Applet2ClassLoader - Remote Code Execution Exploit |
Metasploit
| description | This module exploits a vulnerability in the Java Runtime Environment that allows an attacker to run an applet outside of the Java Sandbox. When an applet is invoked with: 1\. A "codebase" parameter that points at a trusted directory 2\. A "code" parameter that is a URL that does not contain any dots the applet will run outside of the sandbox. This vulnerability affects JRE prior to version 6 update 24. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/JAVA_CODEBASE_TRUST |
| last seen | 2020-06-14 |
| modified | 2017-07-24 |
| published | 2011-03-16 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/java_codebase_trust.rb |
| title | Sun Java Applet2ClassLoader Remote Code Execution |
Nessus
NASL family Scientific Linux Local Security Checks NASL id SL_20110217_JAVA__JDK_1_6_0__ON_SL4_X.NASL description This update fixes several vulnerabilities in the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the last seen 2020-06-01 modified 2020-06-02 plugin id 60964 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60964 title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60964); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:19"); script_cve_id("CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4451", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4473", "CVE-2010-4475", "CVE-2010-4476"); script_name(english:"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes several vulnerabilities in the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) All running instances of Sun Java must be restarted for the update to take effect. NOTE: jdk-1.6.0_20-fcs.x86_64.rpm has not been signed. We cannot sign this package without breaking it." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1102&L=scientific-linux-errata&T=0&P=2201 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6b8eaef3" ); script_set_attribute( attribute:"solution", value:"Update the affected java-1.6.0-sun-compat and / or jdk packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Sun Java Applet2ClassLoader Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/17"); script_set_attribute(attribute:"patch_publication_date", value:"2011/02/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL4", reference:"java-1.6.0-sun-compat-1.6.0.24-3.sl4.jpp")) flag++; if (rpm_check(release:"SL4", reference:"jdk-1.6.0_24-fcs")) flag++; if (rpm_check(release:"SL5", reference:"java-1.6.0-sun-compat-1.6.0.24-3.sl5.jpp")) flag++; if (rpm_check(release:"SL5", reference:"jdk-1.6.0_24-fcs")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2011-0013.NASL description a. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 56665 published 2011-10-28 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56665 title VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0357.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 52701 published 2011-03-17 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52701 title RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357) NASL family SuSE Local Security Checks NASL id SUSE_11_4_JAVA-1_6_0-SUN-110314.NASL description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474 last seen 2020-06-01 modified 2020-06-02 plugin id 75872 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75872 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-4147) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-SUN-110217.NASL description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. The following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474 last seen 2020-06-01 modified 2020-06-02 plugin id 52067 published 2011-02-23 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52067 title SuSE 11.1 Security Update : Sun Java 1.6 (SAT Patch Number 3976) NASL family SuSE Local Security Checks NASL id SUSE_11_2_JAVA-1_6_0-SUN-110217.NASL description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474 last seen 2020-06-01 modified 2020-06-02 plugin id 53736 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53736 title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-SUN-7342.NASL description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474 last seen 2020-06-01 modified 2020-06-02 plugin id 52068 published 2011-02-23 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52068 title SuSE 10 Security Update : IBM Java 1.6 (ZYPP Patch Number 7342) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201111-02.NASL description The remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56724 published 2011-11-07 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56724 title GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST) NASL family Misc. NASL id VMWARE_VMSA-2011-0013_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL last seen 2020-06-01 modified 2020-06-02 plugin id 89681 published 2016-03-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89681 title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0880.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 63983 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63983 title RHEL 5 : IBM Java Runtime (RHSA-2011:0880) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0282.NASL description Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the last seen 2020-06-01 modified 2020-06-02 plugin id 52021 published 2011-02-18 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52021 title RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0282) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-110307.NASL description IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling : - The Java Runtime Environment hangs forever when converting last seen 2020-06-01 modified 2020-06-02 plugin id 52751 published 2011-03-22 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52751 title SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-IBM-7369.NASL description IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling : - The Java Runtime Environment hangs forever when converting last seen 2020-06-01 modified 2020-06-02 plugin id 52752 published 2011-03-22 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52752 title SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369) NASL family Misc. NASL id ORACLE_JAVA_CPU_FEB_2011_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issues in the following components : - Deployment - HotSpot - Install - JAXP - Java Language - JDBC - Launcher - Networking - Security - Sound - Swing - XML Digital Signature - 2D last seen 2020-06-01 modified 2020-06-02 plugin id 64844 published 2013-02-22 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64844 title Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) (Unix) NASL family SuSE Local Security Checks NASL id SUSE_11_3_JAVA-1_6_0-SUN-110217.NASL description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474 last seen 2020-06-01 modified 2020-06-02 plugin id 75541 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75541 title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1) NASL family Windows NASL id ORACLE_JAVA_CPU_FEB_2011.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issue in the following components : - Deployment - HotSpot - Install - JAXP - Java Language - JDBC - Launcher - Networking - Security - Sound - Swing - XML Digital Signature - 2D last seen 2020-06-01 modified 2020-06-02 plugin id 52002 published 2011-02-16 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52002 title Oracle Java SE Multiple Vulnerabilities (February 2011 CPU)
Oval
accepted 2015-04-20T04:00:35.891-04:00 class vulnerability contributors name Yamini Mohan R organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Prashant Kumar organization Hewlett-Packard name Mike Cokus organization The MITRE Corporation
description Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. family unix id oval:org.mitre.oval:def:12927 status accepted submitted 2011-07-28T11:57:52.000-05:00 title HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities version 50 accepted 2014-08-18T04:00:55.818-04:00 class vulnerability contributors name Aharon Chernin organization DTCC name Dragos Prisaca organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Java SE Development Kit 6 is installed oval oval:org.mitre.oval:def:15831 comment Java SE Runtime Environment 6 is installed oval oval:org.mitre.oval:def:16362
description Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. family windows id oval:org.mitre.oval:def:14230 status accepted submitted 2011-11-25T18:04:12.000-05:00 title Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. version 8
Packetstorm
| data source | https://packetstormsecurity.com/files/download/99385/java_codebase_trust.rb.txt |
| id | PACKETSTORM:99385 |
| last seen | 2016-12-05 |
| published | 2011-03-16 |
| reporter | jduck |
| source | https://packetstormsecurity.com/files/99385/Sun-Java-Applet2ClassLoader-Remote-Code-Execution-Exploit.html |
| title | Sun Java Applet2ClassLoader Remote Code Execution Exploit |
Redhat
| advisories |
| ||||||||
| rpms |
|
Saint
| bid | 46388 |
| description | Oracle Java Applet2ClassLoader Vulnerability |
| id | misc_javawebstart |
| osvdb | 71193 |
| title | oracle_java_applet2classloader_rce |
| type | client |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:71475 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-71475 |
| title | Sun Java Applet2ClassLoader - Remote Code Execution Exploit |
References
- http://marc.info/?l=bugtraq&m=134254866602253&w=2
- http://marc.info/?l=bugtraq&m=134254957702612&w=2
- http://secunia.com/advisories/44954
- http://securityreason.com/securityalert/8145
- http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
- http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html
- http://www.redhat.com/support/errata/RHSA-2011-0282.html
- http://www.redhat.com/support/errata/RHSA-2011-0880.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12927
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14230