PT-2010-4929 · Oracle+2 · Java Se+4

Marc Schoenefeld

Publicado

2010-10-13

Atualizado

2018-10-30

CVE-2010-3568

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Java SE versions 5.0 Update 25, 6 Update 21, and 1.4.2 27 Java for Business versions 5.0 Update 25, 6 Update 21, and 1.4.2 27

Description The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. It is reportedly related to a race condition in deserialization, although this has not been confirmed by Oracle.

Recommendations For Java SE versions 5.0 Update 25, 6 Update 21, and 1.4.2 27, update to a version that contains a fix for this issue. For Java for Business versions 5.0 Update 25, 6 Update 21, and 1.4.2 27, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting deserialization to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2010-3568

HPSBUX02608

RHSA-2010:0768

RHSA-2010:0770

RHSA-2010:0786

RHSA-2010:0807

RHSA-2010:0865

RHSA-2010:0873

RHSA-2010:0986

RHSA-2010:0987

RHSA-2010_0768

RHSA-2010_0865

RHSA-2010_0873

RHSA-2010_0987

RHSA-2011:0880

Produtos afetados

Hp-Ux

Java Platform

Java Se

Java For Business

Red Hat

PT-2010-4929 · Oracle+2 · Java Se+4

CVE-2010-3568

Identificadores relacionados

Produtos afetados

Referências · 150