PT-2010-4909 · Oracle+2 · Java Se+4

Marc Schoenefeld

Publicado

2010-10-13

Atualizado

2018-10-30

CVE-2010-3548

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6 Update 21, 5.0 Update 25, and 1.4.2 27 Java for Business versions 6 Update 21, 5.0 Update 25, and 1.4.2 27

Description The issue affects the Java Naming and Directory Interface (JNDI) component, allowing remote attackers to impact confidentiality through unknown vectors. There are claims that this could enable remote attackers to determine internal IP addresses or otherwise-protected internal network names, although Oracle has not commented on these claims.

Recommendations For Oracle Java SE versions 6 Update 21, 5.0 Update 25, and 1.4.2 27, update to a version that addresses this issue. For Java for Business versions 6 Update 21, 5.0 Update 25, and 1.4.2 27, update to a version that addresses this issue. As a temporary workaround, consider restricting access to the JNDI component until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2010-3548

HPSBUX02608

RHSA-2010:0768

RHSA-2010:0770

RHSA-2010:0786

RHSA-2010:0807

RHSA-2010:0865

RHSA-2010:0873

RHSA-2010:0986

RHSA-2010:0987

RHSA-2010_0768

RHSA-2010_0865

RHSA-2010_0873

RHSA-2010_0987

RHSA-2011:0880

Produtos afetados

Hp-Ux

Java Platform

Java Se

Java For Business

Red Hat

PT-2010-4909 · Oracle+2 · Java Se+4

CVE-2010-3548

Identificadores relacionados

Produtos afetados

Referências · 153