CVE-2010-3549

Published: Oct 19, 2010Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.

Affected (257)

Products: Sun: Jre, Jdk, Sdk

3 products

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.6.0
Sun Jre	Version 1.6.0
Sun Jre	Version 1.6.0 update_10
Sun Jre	Version 1.6.0 update_11
Sun Jre	Version 1.6.0 update_12
Sun Jre	Version 1.6.0 update_13
Sun Jre	Version 1.6.0 update_14
Sun Jre	Version 1.6.0 update_15
Sun Jre	Version 1.6.0 update_16
Sun Jre	Version 1.6.0 update_17
Sun Jre	Version 1.6.0 update_18
Sun Jre	Version 1.6.0 update_19
Sun Jre	Version 1.6.0 update_1
Sun Jre	Version 1.6.0 update_20
Sun Jre	Version 1.6.0 update_2
Sun Jre	Version 1.6.0 update_3
Sun Jre	Version 1.6.0 update_4
Sun Jre	Version 1.6.0 update_5
Sun Jre	Version 1.6.0 update_6
Sun Jre	Version 1.6.0 update_7

Configuration B

21 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Up to 1.6.0
Sun Jdk	Version 1.6.0
Sun Jdk	Version 1.6.0 update1
Sun Jdk	Version 1.6.0 update1_b06
Sun Jdk	Version 1.6.0 update2
Sun Jdk	Version 1.6.0 update_10
Sun Jdk	Version 1.6.0 update_11
Sun Jdk	Version 1.6.0 update_12
Sun Jdk	Version 1.6.0 update_13
Sun Jdk	Version 1.6.0 update_14
Sun Jdk	Version 1.6.0 update_15
Sun Jdk	Version 1.6.0 update_16
Sun Jdk	Version 1.6.0 update_17
Sun Jdk	Version 1.6.0 update_18
Sun Jdk	Version 1.6.0 update_19
Sun Jdk	Version 1.6.0 update_20
Sun Jdk	Version 1.6.0 update_3
Sun Jdk	Version 1.6.0 update_4
Sun Jdk	Version 1.6.0 update_5
Sun Jdk	Version 1.6.0 update_6
Sun Jdk	Version 1.6.0 update_7

Configuration C

26 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Up to 1.5.0
Sun Jdk	Version 1.5.0
Sun Jdk	Version 1.5.0 update10
Sun Jdk	Version 1.5.0 update11
Sun Jdk	Version 1.5.0 update12
Sun Jdk	Version 1.5.0 update13
Sun Jdk	Version 1.5.0 update14
Sun Jdk	Version 1.5.0 update15
Sun Jdk	Version 1.5.0 update16
Sun Jdk	Version 1.5.0 update17
Sun Jdk	Version 1.5.0 update18
Sun Jdk	Version 1.5.0 update19
Sun Jdk	Version 1.5.0 update1
Sun Jdk	Version 1.5.0 update20
Sun Jdk	Version 1.5.0 update21
Sun Jdk	Version 1.5.0 update22
Sun Jdk	Version 1.5.0 update23
Sun Jdk	Version 1.5.0 update24
Sun Jdk	Version 1.5.0 update2
Sun Jdk	Version 1.5.0 update3
Sun Jdk	Version 1.5.0 update4
Sun Jdk	Version 1.5.0 update5
Sun Jdk	Version 1.5.0 update6
Sun Jdk	Version 1.5.0 update7
Sun Jdk	Version 1.5.0 update8
Sun Jdk	Version 1.5.0 update9

Configuration D

28 vulnerable

Vulnerable Software	Affected Versions
Sun Sdk	Up to 1.4.2_27
Sun Sdk	Version 1.4.2
Sun Sdk	Version 1.4.2_02
Sun Sdk	Version 1.4.2_10
Sun Sdk	Version 1.4.2_11
Sun Sdk	Version 1.4.2_12
Sun Sdk	Version 1.4.2_13
Sun Sdk	Version 1.4.2_14
Sun Sdk	Version 1.4.2_15
Sun Sdk	Version 1.4.2_16
Sun Sdk	Version 1.4.2_17
Sun Sdk	Version 1.4.2_18
Sun Sdk	Version 1.4.2_19
Sun Sdk	Version 1.4.2_1
Sun Sdk	Version 1.4.2_20
Sun Sdk	Version 1.4.2_21
Sun Sdk	Version 1.4.2_22
Sun Sdk	Version 1.4.2_23
Sun Sdk	Version 1.4.2_24
Sun Sdk	Version 1.4.2_25
Sun Sdk	Version 1.4.2_26
Sun Sdk	Version 1.4.2_3
Sun Sdk	Version 1.4.2_4
Sun Sdk	Version 1.4.2_5
Sun Sdk	Version 1.4.2_6
Sun Sdk	Version 1.4.2_7
Sun Sdk	Version 1.4.2_8
Sun Sdk	Version 1.4.2_9

Configuration E

26 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.5.0
Sun Jre	Version 1.5.0
Sun Jre	Version 1.5.0 update10
Sun Jre	Version 1.5.0 update11
Sun Jre	Version 1.5.0 update12
Sun Jre	Version 1.5.0 update13
Sun Jre	Version 1.5.0 update14
Sun Jre	Version 1.5.0 update15
Sun Jre	Version 1.5.0 update16
Sun Jre	Version 1.5.0 update17
Sun Jre	Version 1.5.0 update18
Sun Jre	Version 1.5.0 update19
Sun Jre	Version 1.5.0 update1
Sun Jre	Version 1.5.0 update20
Sun Jre	Version 1.5.0 update21
Sun Jre	Version 1.5.0 update22
Sun Jre	Version 1.5.0 update23
Sun Jre	Version 1.5.0 update24
Sun Jre	Version 1.5.0 update2
Sun Jre	Version 1.5.0 update3
Sun Jre	Version 1.5.0 update4
Sun Jre	Version 1.5.0 update5
Sun Jre	Version 1.5.0 update6
Sun Jre	Version 1.5.0 update7
Sun Jre	Version 1.5.0 update8
Sun Jre	Version 1.5.0 update9

Configuration F

28 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.4.2_27
Sun Jre	Version 1.4.2
Sun Jre	Version 1.4.2_10
Sun Jre	Version 1.4.2_11
Sun Jre	Version 1.4.2_12
Sun Jre	Version 1.4.2_13
Sun Jre	Version 1.4.2_14
Sun Jre	Version 1.4.2_15
Sun Jre	Version 1.4.2_16
Sun Jre	Version 1.4.2_17
Sun Jre	Version 1.4.2_18
Sun Jre	Version 1.4.2_19
Sun Jre	Version 1.4.2_1
Sun Jre	Version 1.4.2_20
Sun Jre	Version 1.4.2_21
Sun Jre	Version 1.4.2_22
Sun Jre	Version 1.4.2_23
Sun Jre	Version 1.4.2_24
Sun Jre	Version 1.4.2_25
Sun Jre	Version 1.4.2_26
Sun Jre	Version 1.4.2_2
Sun Jre	Version 1.4.2_3
Sun Jre	Version 1.4.2_4
Sun Jre	Version 1.4.2_5
Sun Jre	Version 1.4.2_6
Sun Jre	Version 1.4.2_7
Sun Jre	Version 1.4.2_8
Sun Jre	Version 1.4.2_9

Configuration G

36 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Up to 1.3.1_28
Sun Jdk	Version 1.3.0
Sun Jdk	Version 1.3.0_01
Sun Jdk	Version 1.3.0_02
Sun Jdk	Version 1.3.0_03
Sun Jdk	Version 1.3.0_04
Sun Jdk	Version 1.3.0_05
Sun Jdk	Version 1.3.1
Sun Jdk	Version 1.3.1_01
Sun Jdk	Version 1.3.1_01a
Sun Jdk	Version 1.3.1_02
Sun Jdk	Version 1.3.1_03
Sun Jdk	Version 1.3.1_04
Sun Jdk	Version 1.3.1_05
Sun Jdk	Version 1.3.1_06
Sun Jdk	Version 1.3.1_07
Sun Jdk	Version 1.3.1_08
Sun Jdk	Version 1.3.1_09
Sun Jdk	Version 1.3.1_10
Sun Jdk	Version 1.3.1_11
Sun Jdk	Version 1.3.1_12
Sun Jdk	Version 1.3.1_13
Sun Jdk	Version 1.3.1_14
Sun Jdk	Version 1.3.1_15
Sun Jdk	Version 1.3.1_16
Sun Jdk	Version 1.3.1_17
Sun Jdk	Version 1.3.1_18
Sun Jdk	Version 1.3.1_19
Sun Jdk	Version 1.3.1_20
Sun Jdk	Version 1.3.1_21
Sun Jdk	Version 1.3.1_22
Sun Jdk	Version 1.3.1_23
Sun Jdk	Version 1.3.1_24
Sun Jdk	Version 1.3.1_25
Sun Jdk	Version 1.3.1_26
Sun Jdk	Version 1.3.1_27

Configuration H

36 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.3.1_28
Sun Jre	Version 1.3.0
Sun Jre	Version 1.3.0 update1
Sun Jre	Version 1.3.0 update2
Sun Jre	Version 1.3.0 update3
Sun Jre	Version 1.3.0 update4
Sun Jre	Version 1.3.0 update5
Sun Jre	Version 1.3.1
Sun Jre	Version 1.3.1 update1
Sun Jre	Version 1.3.1 update2
Sun Jre	Version 1.3.1_03
Sun Jre	Version 1.3.1_04
Sun Jre	Version 1.3.1_05
Sun Jre	Version 1.3.1_06
Sun Jre	Version 1.3.1_07
Sun Jre	Version 1.3.1_08
Sun Jre	Version 1.3.1_09
Sun Jre	Version 1.3.1_10
Sun Jre	Version 1.3.1_11
Sun Jre	Version 1.3.1_12
Sun Jre	Version 1.3.1_13
Sun Jre	Version 1.3.1_14
Sun Jre	Version 1.3.1_15
Sun Jre	Version 1.3.1_16
Sun Jre	Version 1.3.1_17
Sun Jre	Version 1.3.1_18
Sun Jre	Version 1.3.1_19
Sun Jre	Version 1.3.1_20
Sun Jre	Version 1.3.1_21
Sun Jre	Version 1.3.1_22
Sun Jre	Version 1.3.1_23
Sun Jre	Version 1.3.1_24
Sun Jre	Version 1.3.1_25
Sun Jre	Version 1.3.1_26
Sun Jre	Version 1.3.1_27
Sun Jre	Version 1.3.1_2

Configuration I

36 vulnerable

Vulnerable Software	Affected Versions
Sun Sdk	Up to 1.3.1_28
Sun Sdk	Version 1.3.0
Sun Sdk	Version 1.3.0_01
Sun Sdk	Version 1.3.0_02
Sun Sdk	Version 1.3.0_03
Sun Sdk	Version 1.3.0_04
Sun Sdk	Version 1.3.0_05
Sun Sdk	Version 1.3.1
Sun Sdk	Version 1.3.1_01
Sun Sdk	Version 1.3.1_01a
Sun Sdk	Version 1.3.1_02
Sun Sdk	Version 1.3.1_03
Sun Sdk	Version 1.3.1_04
Sun Sdk	Version 1.3.1_05
Sun Sdk	Version 1.3.1_06
Sun Sdk	Version 1.3.1_07
Sun Sdk	Version 1.3.1_08
Sun Sdk	Version 1.3.1_09
Sun Sdk	Version 1.3.1_10
Sun Sdk	Version 1.3.1_11
Sun Sdk	Version 1.3.1_12
Sun Sdk	Version 1.3.1_13
Sun Sdk	Version 1.3.1_14
Sun Sdk	Version 1.3.1_15
Sun Sdk	Version 1.3.1_16
Sun Sdk	Version 1.3.1_17
Sun Sdk	Version 1.3.1_18
Sun Sdk	Version 1.3.1_19
Sun Sdk	Version 1.3.1_20
Sun Sdk	Version 1.3.1_21
Sun Sdk	Version 1.3.1_22
Sun Sdk	Version 1.3.1_23
Sun Sdk	Version 1.3.1_24
Sun Sdk	Version 1.3.1_25
Sun Sdk	Version 1.3.1_26
Sun Sdk	Version 1.3.1_27

References (68)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748

Source: secalert_us@oracle.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html

Source: secalert_us@oracle.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html

Source: secalert_us@oracle.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html

Source: secalert_us@oracle.com

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Source: secalert_us@oracle.com

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html

Source: secalert_us@oracle.com

http://marc.info/?l=bugtraq&m=134254866602253&w=2

Source: secalert_us@oracle.com

http://secunia.com/advisories/41967

Source: secalert_us@oracle.com

http://secunia.com/advisories/41972

Source: secalert_us@oracle.com

http://secunia.com/advisories/42974

Source: secalert_us@oracle.com

http://secunia.com/advisories/44954

Source: secalert_us@oracle.com

http://security.gentoo.org/glsa/glsa-201406-32.xml

Source: secalert_us@oracle.com

http://support.avaya.com/css/P8/documents/100114315

Source: secalert_us@oracle.com

http://support.avaya.com/css/P8/documents/100114327

Source: secalert_us@oracle.com

http://support.avaya.com/css/P8/documents/100123193

Source: secalert_us@oracle.com

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Source: secalert_us@oracle.com

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Source: secalert_us@oracle.com

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2010-0768.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0770.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0786.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0807.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0865.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0873.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0986.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2010-0987.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2011-0880.html

Source: secalert_us@oracle.com

http://www.securityfocus.com/archive/1/516397/100/0/threaded

Source: secalert_us@oracle.com

http://www.securityfocus.com/bid/44027

Source: secalert_us@oracle.com

http://www.ubuntu.com/usn/USN-1010-1

Source: secalert_us@oracle.com

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Source: secalert_us@oracle.com

http://www.vupen.com/english/advisories/2010/2745

Source: secalert_us@oracle.com

https://bugzilla.redhat.com/show_bug.cgi?id=642180

Source: secalert_us@oracle.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11559

Source: secalert_us@oracle.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14340

Source: secalert_us@oracle.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748