PT-2011-1552 · Oracle+2 · Java Runtime Environment+3

Publicado

2011-02-17

·

Atualizado

2018-10-30

·

CVE-2010-4448

CVSS v2.0

2.6

Baixa

VetorAV:N/AC:H/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Java Runtime Environment (JRE) versions 6 Update 23 and earlier Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier Java Runtime Environment (JRE) version 1.4.2 29 and earlier
Description The issue allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. There are claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets", but Oracle has not commented on these claims.
Recommendations For Java Runtime Environment (JRE) versions 6 Update 23 and earlier, update to a version later than Update 23. For Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier, update to a version later than Update 27. For Java Runtime Environment (JRE) version 1.4.2 29 and earlier, update to a version later than 1.4.2 29. As a temporary workaround, consider restricting the use of untrusted Java Web Start applications and untrusted Java applets until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CVE-2010-4448
DSA-2224-1
HPSBUX02777
RHSA-2011:0281
RHSA-2011:0282
RHSA-2011:0357
RHSA-2011:0364
RHSA-2011:0490
RHSA-2011:0870
RHSA-2011:0880
RHSA-2011_0281
RHSA-2011_0282
RHSA-2011_0357
RHSA-2011_0364

Produtos afetados

Hp-Ux
Java Platform
Java Runtime Environment
Red Hat