PT-2010-4914 · Oracle · Java SE

Published: 2010-10-13 · Updated: 2018-10-30 · CVE-2010-3553

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Oracle Java SE and Java for Business versions 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28

Description: Remote attackers can affect the confidentiality, integrity, and availability of the system via unknown vectors. The issue is reportedly related to unsafe reflection involving the UIDefault.ProxyLazyValue class in the Swing component.

Recommendations: Update each affected release (Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28) to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Swing component until a patch is available.

Related Identifiers

CVE-2010-3553
HPSBUX02608
RHSA-2010:0768
RHSA-2010:0770
RHSA-2010:0786
RHSA-2010:0865
RHSA-2010:0986
RHSA-2010:0987
RHSA-2010_0768
RHSA-2010_0865
RHSA-2010_0987
RHSA-2011:0169
RHSA-2011:0880
RHSA-2011_0169

Affected Products

HP-UX
Java Platform
Java SE
Java for Business
Red Hat