CVE-2010-0094

Name of the Vulnerable Software and Affected Versions Java SE versions 5.0 through 5.0 Update 23 Java SE versions 6 Update 18

Description The issue affects confidentiality, integrity, and availability. It is reportedly due to missing privilege checks during deserialization of RMIConnectionImpl objects, allowing remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. This can lead to remote code execution.

Recommendations For Java SE versions 5.0 through 5.0 Update 23, update to a version later than Update 23 to resolve the issue. For Java SE version 6 Update 18, update to a version later than Update 18 to resolve the issue. As a temporary workaround, consider restricting access to the RMIConnectionImpl object to minimize the risk of exploitation.