CVE-2010-3561

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 5.0 Update 25 through 6 Update 21 Java for Business versions 5.0 Update 25 through 6 Update 21

Description The issue affects the confidentiality, integrity, and availability of the system. It is related to the CORBA component and allows remote attackers to affect the system via unknown vectors. There are claims that this issue involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.

Recommendations For Oracle Java SE versions 5.0 Update 25 through 6 Update 21, update to a version that contains the fix for this issue. For Java for Business versions 5.0 Update 25 through 6 Update 21, update to a version that contains the fix for this issue. As a temporary workaround, consider restricting access to the CORBA component until a patch is available. Avoid using the accept method in the ServerSocket class without proper host connection limitations until the issue is resolved.