PT-2011-1574 · Oracle+1 · Java Runtime Environment+2

Published: 2011-02-17 · Updated: 2017-12-22 · CVE-2010-4470

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Java Runtime Environment (JRE) versions prior to 6 Update 23

Description

The issue allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. It is also claimed by a downstream vendor to be related to "Features set on SchemaFactory not inherited by Validator," although Oracle has not commented on this.

Recommendations

For versions prior to 6 Update 23, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to JAXP and unspecified APIs until a patch is available. Avoid using the SchemaFactory and Validator classes in the affected API endpoints until the issue is resolved.


Related Identifiers

CVE-2010-4470
DSA-2224-1
RHSA-2011:0281
RHSA-2011:0282
RHSA-2011_0281
RHSA-2011_0282

Affected Products

Java Platform
Java Runtime Environment
Red Hat