CVE-2010-3563

Published: Oct 19, 2010Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.

Affected (41)

Products: Sun: Jre, Jdk

2 products

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Sun Jre	Up to 1.6.0
Sun Jre	Version 1.6.0
Sun Jre	Version 1.6.0 update_10
Sun Jre	Version 1.6.0 update_11
Sun Jre	Version 1.6.0 update_12
Sun Jre	Version 1.6.0 update_13
Sun Jre	Version 1.6.0 update_14
Sun Jre	Version 1.6.0 update_15
Sun Jre	Version 1.6.0 update_16
Sun Jre	Version 1.6.0 update_17
Sun Jre	Version 1.6.0 update_18
Sun Jre	Version 1.6.0 update_19
Sun Jre	Version 1.6.0 update_1
Sun Jre	Version 1.6.0 update_20
Sun Jre	Version 1.6.0 update_2
Sun Jre	Version 1.6.0 update_3
Sun Jre	Version 1.6.0 update_4
Sun Jre	Version 1.6.0 update_5
Sun Jre	Version 1.6.0 update_6
Sun Jre	Version 1.6.0 update_7

Configuration B

21 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Up to 1.6.0
Sun Jdk	Version 1.6.0
Sun Jdk	Version 1.6.0 update1
Sun Jdk	Version 1.6.0 update1_b06
Sun Jdk	Version 1.6.0 update2
Sun Jdk	Version 1.6.0 update_10
Sun Jdk	Version 1.6.0 update_11
Sun Jdk	Version 1.6.0 update_12
Sun Jdk	Version 1.6.0 update_13
Sun Jdk	Version 1.6.0 update_14
Sun Jdk	Version 1.6.0 update_15
Sun Jdk	Version 1.6.0 update_16
Sun Jdk	Version 1.6.0 update_17
Sun Jdk	Version 1.6.0 update_18
Sun Jdk	Version 1.6.0 update_19
Sun Jdk	Version 1.6.0 update_20
Sun Jdk	Version 1.6.0 update_3
Sun Jdk	Version 1.6.0 update_4
Sun Jdk	Version 1.6.0 update_5
Sun Jdk	Version 1.6.0 update_6
Sun Jdk	Version 1.6.0 update_7

References (28)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748

Source: secalert_us@oracle.com

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Source: secalert_us@oracle.com

http://marc.info/?l=bugtraq&m=134254866602253&w=2

Source: secalert_us@oracle.com

http://secunia.com/advisories/44954

Source: secalert_us@oracle.com

Vendor Advisory

http://support.avaya.com/css/P8/documents/100114315

Source: secalert_us@oracle.com

http://support.avaya.com/css/P8/documents/100123193

Source: secalert_us@oracle.com

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Source: secalert_us@oracle.com

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2010-0770.html

Source: secalert_us@oracle.com

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2010-0987.html

Source: secalert_us@oracle.com

http://www.redhat.com/support/errata/RHSA-2011-0880.html

Source: secalert_us@oracle.com

Vendor Advisory

http://www.securityfocus.com/bid/43999

Source: secalert_us@oracle.com

http://www.zerodayinitiative.com/advisories/ZDI-10-202/

Source: secalert_us@oracle.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12181

Source: secalert_us@oracle.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12554

Source: secalert_us@oracle.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=134254866602253&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/44954

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.avaya.com/css/P8/documents/100114315

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/css/P8/documents/100123193

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2010-0770.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2010-0987.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2011-0880.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/43999

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-10-202/

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12181

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12554

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.