Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-0840

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

Published

2010-04-01T16:30:00.907

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	jre	1.4.2_25	Yes
Application	oracle	jre	1.5.0	Yes
Application	oracle	jre	1.6.0	Yes
Operating System	opensuse	opensuse	11.0	Yes
Operating System	opensuse	opensuse	11.1	Yes
Operating System	opensuse	opensuse	11.2	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	canonical	ubuntu_linux	9.04	Yes
Operating System	canonical	ubuntu_linux	9.10	Yes

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link ([email protected])
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link ([email protected])
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link ([email protected])
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link ([email protected])
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html Mailing List, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Mailing List ([email protected])
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Mailing List ([email protected])
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Mailing List ([email protected])
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Mailing List ([email protected])
http://marc.info/?l=bugtraq&m=134254866602253&w=2 Mailing List ([email protected])
http://secunia.com/advisories/39292 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/39317 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/39659 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/39819 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/40211 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/40545 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/43308 Broken Link, Vendor Advisory ([email protected])
http://support.apple.com/kb/HT4170 Release Notes, Third Party Advisory ([email protected])
http://support.apple.com/kb/HT4171 Release Notes, Third Party Advisory ([email protected])
http://ubuntu.com/usn/usn-923-1 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 Broken Link ([email protected])
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html Patch, Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0337.html Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0338.html Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0339.html Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0383.html Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0471.html Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0489.html Broken Link ([email protected])
http://www.securityfocus.com/archive/1/510528/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/516397/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/39065 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.vmware.com/security/advisories/VMSA-2011-0003.html Third Party Advisory ([email protected])
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html Release Notes ([email protected])
http://www.vupen.com/english/advisories/2010/1107 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2010/1191 Broken Link, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/1454 Broken Link, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/1523 Broken Link, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/1793 Broken Link, Vendor Advisory ([email protected])
http://www.zerodayinitiative.com/advisories/ZDI-10-056 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13971 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9974 Broken Link ([email protected])
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=134254866602253&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39292 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39317 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39659 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39819 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40211 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40545 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43308 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4170 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4171 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://ubuntu.com/usn/usn-923-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0337.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0338.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0339.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0383.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0471.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0489.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/510528/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/516397/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/39065 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1107 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1191 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1454 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1523 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1793 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-10-056 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13971 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9974 Broken Link (af854a3a-2127-422b-91ae-364da2661108)