PT-2011-1552 · Oracle+2 · Java Runtime Environment+3

Published

2011-02-17

·

Updated

2018-10-30

·

CVE-2010-4448

CVSS v2.0

2.6

Low

VectorAV:N/AC:H/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Java Runtime Environment (JRE) versions 6 Update 23 and earlier Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier Java Runtime Environment (JRE) version 1.4.2 29 and earlier
Description The issue allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. There are claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets", but Oracle has not commented on these claims.
Recommendations For Java Runtime Environment (JRE) versions 6 Update 23 and earlier, update to a version later than Update 23. For Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier, update to a version later than Update 27. For Java Runtime Environment (JRE) version 1.4.2 29 and earlier, update to a version later than 1.4.2 29. As a temporary workaround, consider restricting the use of untrusted Java Web Start applications and untrusted Java applets until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2010-4448
DSA-2224-1
HPSBUX02777
RHSA-2011:0281
RHSA-2011:0282
RHSA-2011:0357
RHSA-2011:0364
RHSA-2011:0490
RHSA-2011:0870
RHSA-2011:0880
RHSA-2011_0281
RHSA-2011_0282
RHSA-2011_0357
RHSA-2011_0364

Affected Products

Hp-Ux
Java Platform
Java Runtime Environment
Red Hat