PT-2010-4929 · Oracle+2 · Java Se+4

Marc Schoenefeld

Published

2010-10-13

Updated

2018-10-30

CVE-2010-3568

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Java SE versions 5.0 Update 25, 6 Update 21, and 1.4.2 27 Java for Business versions 5.0 Update 25, 6 Update 21, and 1.4.2 27

Description The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. It is reportedly related to a race condition in deserialization, although this has not been confirmed by Oracle.

Recommendations For Java SE versions 5.0 Update 25, 6 Update 21, and 1.4.2 27, update to a version that contains a fix for this issue. For Java for Business versions 5.0 Update 25, 6 Update 21, and 1.4.2 27, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting deserialization to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2010-3568

HPSBUX02608

RHSA-2010:0768

RHSA-2010:0770

RHSA-2010:0786

RHSA-2010:0807

RHSA-2010:0865

RHSA-2010:0873

RHSA-2010:0986

RHSA-2010:0987

RHSA-2010_0768

RHSA-2010_0865

RHSA-2010_0873

RHSA-2010_0987

RHSA-2011:0880

Affected Products

Hp-Ux

Java Platform

Java Se

Java For Business

Red Hat

PT-2010-4929 · Oracle+2 · Java Se+4

CVE-2010-3568

Related Identifiers

Affected Products

References · 150