CVE-2010-3541

Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business versions 6 Update 21 through 6 Update 21, 5.0 Update 25, 1.4.2 27, and 1.3.1 28

Description The issue affects the Networking component, potentially allowing remote attackers to impact confidentiality, integrity, and availability through unknown vectors. There are claims that this vulnerability might be related to missing validation of request headers in the HttpURLConnection class when set by applets, which could enable remote attackers to bypass the intended security policy.

Recommendations For Oracle Java SE and Java for Business version 6 Update 21, consider disabling the HttpURLConnection class until a patch is available. For Oracle Java SE and Java for Business version 5.0 Update 25, restrict access to applets that set request headers in the HttpURLConnection class to minimize the risk of exploitation. For Oracle Java SE and Java for Business versions 1.4.2 27 and 1.3.1 28, avoid using the HttpURLConnection class in applets until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.