CVE-2010-3573

Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business versions 5.0 Update 25 through 6 Update 21

Description The issue affects the confidentiality, integrity, and availability of the system, allowing remote attackers to exploit it via unknown vectors. There are claims from a reliable downstream vendor that this vulnerability might be related to missing validation of request headers in the HttpURLConnection class when they are set by applets, potentially allowing remote attackers to bypass the intended security policy.

Recommendations For Oracle Java SE and Java for Business versions 5.0 Update 25 through 6 Update 21, consider restricting the use of the HttpURLConnection class in applets until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.