csaf_redhat - rhsa-2010

rhsa-2010_0768

Vulnerability from csaf_redhat

Published

2010-10-13 16:22

Modified

2024-11-05 17:20

Summary

Red Hat Security Advisory: java-1.6.0-openjdk security and bug fix update

Notes

Topic

Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) HttpURLConnection improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574) HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573) The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564) The RHSA-2010:0339 update mitigated a man-in-the-middle attack in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555) The NetworkInterface class improperly checked the network "connect" permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551) Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548) Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the "appletviewer" application. Bug fixes: * This update provides one defense in depth patch. (BZ#639922) * Problems for certain SSL connections. In a reported case, this prevented the JBoss JAAS modules from connecting over SSL to Microsoft Active Directory servers. (BZ#618290)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated java-1.6.0-openjdk packages that fix several security issues and\ntwo bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\ndefaultReadObject of the Serialization API could be tricked into setting a\nvolatile field multiple times, which could allow a remote attacker to\nexecute arbitrary code with the privileges of the user running the applet\nor application. (CVE-2010-3569)\n\nRace condition in the way objects were deserialized could allow an\nuntrusted applet or application to misuse the privileges of the user\nrunning the applet or application. (CVE-2010-3568)\n\nMiscalculation in the OpenType font rendering implementation caused\nout-of-bounds memory access, which could allow remote attackers to execute\ncode with the privileges of the user running the java process.\n(CVE-2010-3567)\n\nJPEGImageWriter.writeImage in the imageio API improperly checked certain\nimage metadata, which could allow a remote attacker to execute arbitrary\ncode in the context of the user running the applet or application.\n(CVE-2010-3565)\n\nDouble free in IndexColorModel could cause an untrusted applet or\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the applet or application. (CVE-2010-3562)\n\nThe privileged accept method of the ServerSocket class in the Common Object\nRequest Broker Architecture (CORBA) implementation in OpenJDK allowed it to\nreceive connections from any host, instead of just the host of the current\nconnection. An attacker could use this flaw to bypass restrictions defined\nby network permissions. (CVE-2010-3561)\n\nFlaws in the Swing library could allow an untrusted application to modify\nthe behavior and state of certain JDK classes. (CVE-2010-3557)\n\nFlaws in the CORBA implementation could allow an attacker to execute\narbitrary code by misusing permissions granted to certain system objects.\n(CVE-2010-3554)\n\nUIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted\ncallers to create objects via ProxyLazyValue values. (CVE-2010-3553)\n\nHttpURLConnection improperly handled the \"chunked\" transfer encoding\nmethod, which could allow remote attackers to conduct HTTP response\nsplitting attacks. (CVE-2010-3549)\n\nHttpURLConnection improperly checked whether the calling code was granted\nthe \"allowHttpTrace\" permission, allowing untrusted code to create HTTP\nTRACE requests. (CVE-2010-3574)\n\nHttpURLConnection did not validate request headers set by applets, which\ncould allow remote attackers to trigger actions otherwise restricted to\nHTTP clients. (CVE-2010-3541, CVE-2010-3573)\n\nThe Kerberos implementation improperly checked the sanity of AP-REQ\nrequests, which could cause a denial of service condition in the receiving\nJava Virtual Machine. (CVE-2010-3564)\n\nThe RHSA-2010:0339 update mitigated a man-in-the-middle attack in the way\nthe TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols\nhandle session renegotiation by disabling renegotiation. This update\nimplements the TLS Renegotiation Indication Extension as defined in RFC\n5746, allowing secure renegotiation between updated clients and servers.\n(CVE-2009-3555)\n\nThe NetworkInterface class improperly checked the network \"connect\"\npermissions for local network addresses, which could allow remote attackers\nto read local network addresses. (CVE-2010-3551)\n\nInformation leak flaw in the Java Naming and Directory Interface (JNDI)\ncould allow a remote attacker to access information about\notherwise-protected internal network names. (CVE-2010-3548)\n\nNote: Flaws concerning applets in this advisory (CVE-2010-3568,\nCVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548,\nCVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in\nOpenJDK by calling the \"appletviewer\" application.\n\nBug fixes:\n\n* This update provides one defense in depth patch. (BZ#639922)\n\n* Problems for certain SSL connections. In a reported case, this prevented\nthe JBoss JAAS modules from connecting over SSL to Microsoft Active\nDirectory servers. (BZ#618290)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0768",
        "url": "https://access.redhat.com/errata/RHSA-2010:0768"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#important",
        "url": "http://www.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/kb/docs/DOC-20491",
        "url": "https://access.redhat.com/kb/docs/DOC-20491"
      },
      {
        "category": "external",
        "summary": "533125",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
      },
      {
        "category": "external",
        "summary": "618290",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618290"
      },
      {
        "category": "external",
        "summary": "639876",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876"
      },
      {
        "category": "external",
        "summary": "639880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
      },
      {
        "category": "external",
        "summary": "639897",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639897"
      },
      {
        "category": "external",
        "summary": "639904",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904"
      },
      {
        "category": "external",
        "summary": "639909",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639909"
      },
      {
        "category": "external",
        "summary": "639914",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639914"
      },
      {
        "category": "external",
        "summary": "639920",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639920"
      },
      {
        "category": "external",
        "summary": "639922",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639922"
      },
      {
        "category": "external",
        "summary": "639925",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639925"
      },
      {
        "category": "external",
        "summary": "642167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642167"
      },
      {
        "category": "external",
        "summary": "642180",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642180"
      },
      {
        "category": "external",
        "summary": "642187",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642187"
      },
      {
        "category": "external",
        "summary": "642197",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642197"
      },
      {
        "category": "external",
        "summary": "642202",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202"
      },
      {
        "category": "external",
        "summary": "642215",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642215"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0768.json"
      }
    ],
    "title": "Red Hat Security Advisory: java-1.6.0-openjdk security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-05T17:20:50+00:00",
      "generator": {
        "date": "2024-11-05T17:20:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2010:0768",
      "initial_release_date": "2010-10-13T16:22:00+00:00",
      "revision_history": [
        {
          "date": "2010-10-13T16:22:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-10-13T12:23:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T17:20:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.16.b17.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.16.b17.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.16.b17.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.16.b17.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.16.b17.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.16.b17.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
                "product": {
                  "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_id": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-devel@1.6.0.0-1.16.b17.el5?arch=i386\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
                "product": {
                  "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_id": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-src@1.6.0.0-1.16.b17.el5?arch=i386\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
                "product": {
                  "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_id": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-debuginfo@1.6.0.0-1.16.b17.el5?arch=i386\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
                "product": {
                  "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_id": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-demo@1.6.0.0-1.16.b17.el5?arch=i386\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
                "product": {
                  "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.16.b17.el5?arch=i386\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
                "product": {
                  "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_id": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk-javadoc@1.6.0.0-1.16.b17.el5?arch=i386\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
                "product": {
                  "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
                  "product_id": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-openjdk@1.6.0.0-1.16.b17.el5?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src"
        },
        "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src"
        },
        "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386"
        },
        "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        },
        "product_reference": "java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3555",
      "cwe": {
        "id": "CWE-300",
        "name": "Channel Accessible by Non-Endpoint"
      },
      "discovery_date": "2009-10-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "533125"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "TLS: MITM attacks via session renegotiation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3555"
        },
        {
          "category": "external",
          "summary": "RHBZ#533125",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3555",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555"
        }
      ],
      "release_date": "2009-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "TLS: MITM attacks via session renegotiation"
    },
    {
      "cve": "CVE-2010-3541",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "642202"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3541"
        },
        {
          "category": "external",
          "summary": "RHBZ#642202",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3541"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3541",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3541"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)"
    },
    {
      "cve": "CVE-2010-3548",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "639909"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or \"otherwise-protected internal network names.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK DNS server IP address information leak (6957564)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3548"
        },
        {
          "category": "external",
          "summary": "RHBZ#639909",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639909"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3548"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK DNS server IP address information leak (6957564)"
    },
    {
      "cve": "CVE-2010-3549",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "642180"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK HttpURLConnection request splitting (6952017)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3549"
        },
        {
          "category": "external",
          "summary": "RHBZ#642180",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642180"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3549"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK HttpURLConnection request splitting (6952017)"
    },
    {
      "cve": "CVE-2010-3551",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "642187"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK local network address disclosure (6952603)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3551"
        },
        {
          "category": "external",
          "summary": "RHBZ#642187",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642187"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3551",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3551"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3551",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3551"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK local network address disclosure (6952603)"
    },
    {
      "cve": "CVE-2010-3553",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "642167"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK Swing unsafe reflection usage (6622002)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3553"
        },
        {
          "category": "external",
          "summary": "RHBZ#642167",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642167"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3553",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3553"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3553",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3553"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK Swing unsafe reflection usage (6622002)"
    },
    {
      "cve": "CVE-2010-3554",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "639880"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to \"permissions granted to certain system objects.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK corba reflection vulnerabilities (6891766,6925672)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3554"
        },
        {
          "category": "external",
          "summary": "RHBZ#639880",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3554",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3554"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3554",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3554"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK corba reflection vulnerabilities (6891766,6925672)"
    },
    {
      "cve": "CVE-2010-3557",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "639904"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of \"behavior and state of certain JDK classes\" and \"mutable static.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK Swing mutable static (6938813)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3557"
        },
        {
          "category": "external",
          "summary": "RHBZ#639904",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3557",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3557"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3557",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3557"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK Swing mutable static (6938813)"
    },
    {
      "cve": "CVE-2010-3561",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "639880"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK corba reflection vulnerabilities (6891766,6925672)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3561"
        },
        {
          "category": "external",
          "summary": "RHBZ#639880",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3561"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3561",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3561"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK corba reflection vulnerabilities (6891766,6925672)"
    },
    {
      "cve": "CVE-2010-3562",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "639897"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK IndexColorModel double-free (6925710)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3562"
        },
        {
          "category": "external",
          "summary": "RHBZ#639897",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639897"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3562",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3562"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3562",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3562"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK IndexColorModel double-free (6925710)"
    },
    {
      "cve": "CVE-2010-3564",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "639914"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM.  NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK kerberos vulnerability (6958060)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3564"
        },
        {
          "category": "external",
          "summary": "RHBZ#639914",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639914"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3564",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3564"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3564",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3564"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK kerberos vulnerability (6958060)"
    },
    {
      "cve": "CVE-2010-3565",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "639920"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK JPEG writeImage remote code execution (6963023)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3565"
        },
        {
          "category": "external",
          "summary": "RHBZ#639920",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639920"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3565"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK JPEG writeImage remote code execution (6963023)"
    },
    {
      "cve": "CVE-2010-3567",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "642197"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK ICU Opentype layout engine crash (6963285)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3567"
        },
        {
          "category": "external",
          "summary": "RHBZ#642197",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642197"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3567",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3567"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3567",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3567"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK ICU Opentype layout engine crash (6963285)"
    },
    {
      "cve": "CVE-2010-3568",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "639876"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK Deserialization Race condition (6559775)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3568"
        },
        {
          "category": "external",
          "summary": "RHBZ#639876",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3568",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3568"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3568",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3568"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK Deserialization Race condition (6559775)"
    },
    {
      "cve": "CVE-2010-3569",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "639925"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK Serialization inconsistencies (6966692)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3569"
        },
        {
          "category": "external",
          "summary": "RHBZ#639925",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639925"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3569",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3569"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3569",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3569"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK Serialization inconsistencies (6966692)"
    },
    {
      "cve": "CVE-2010-3573",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "642202"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3573"
        },
        {
          "category": "external",
          "summary": "RHBZ#642202",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3573",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3573"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3573",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3573"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)"
    },
    {
      "cve": "CVE-2010-3574",
      "discovery_date": "2010-09-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "642215"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
          "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
          "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-3574"
        },
        {
          "category": "external",
          "summary": "RHBZ#642215",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642215"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-3574",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-3574"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3574",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3574"
        }
      ],
      "release_date": "2010-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-10-13T16:22:00+00:00",
          "details": "All java-1.6.0-openjdk users are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK\nJava must be restarted for the update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0768"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Client:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Client:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.src",
            "5Server:java-1.6.0-openjdk-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-demo-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-devel-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.16.b17.el5.x86_64",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.i386",
            "5Server:java-1.6.0-openjdk-src-1:1.6.0.0-1.16.b17.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)"
    }
  ]
}

cve-2010-3561

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/44013	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=639880	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12200	vdb-entry, signature, x_refsource_OVAL
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3086	vdb-entry, x_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12437	vdb-entry, signature, x_refsource_OVAL
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://secunia.com/advisories/42377	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "44013",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44013"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
          },
          {
            "name": "oval:org.mitre.oval:def:12200",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12200"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "ADV-2010-3086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3086"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "oval:org.mitre.oval:def:12437",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "42377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42377"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "44013",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44013"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
        },
        {
          "name": "oval:org.mitre.oval:def:12200",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12200"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "ADV-2010-3086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3086"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "oval:org.mitre.oval:def:12437",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "42377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42377"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3561",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "44013",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44013"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639880",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
            },
            {
              "name": "oval:org.mitre.oval:def:12200",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12200"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "ADV-2010-3086",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3086"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "oval:org.mitre.oval:def:12437",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12437"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "42377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42377"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3561",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3565

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=639920	x_refsource_CONFIRM
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/43985	vdb-entry, x_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	http://www.zerodayinitiative.com/advisories/ZDI-10-205/	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0873.html	vendor-advisory, x_refsource_REDHAT
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12294	vdb-entry, signature, x_refsource_OVAL
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12180	vdb-entry, signature, x_refsource_OVAL
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639920"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "43985",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/43985"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-205/"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "RHSA-2010:0873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12294",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12294"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12180",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12180"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639920"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "43985",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/43985"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-205/"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "RHSA-2010:0873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "name": "oval:org.mitre.oval:def:12294",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12294"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "oval:org.mitre.oval:def:12180",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12180"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3565",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639920",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639920"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:061",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
            },
            {
              "name": "43985",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/43985"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-205/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-205/"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "RHSA-2010:0986",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "RHSA-2010:0873",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "RHSA-2010:0786",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12294",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12294"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "41967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41967"
            },
            {
              "name": "RHSA-2010:0807",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12180",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12180"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "ADV-2010-2745",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2745"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3565",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3564

Vulnerability from cvelistv5

Published

2010-10-14 17:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM. NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/43963	vdb-entry, x_refsource_BID
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12398	vdb-entry, signature, x_refsource_OVAL
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	x_refsource_CONFIRM
	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html	x_refsource_CONFIRM
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3086	vdb-entry, x_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.us-cert.gov/cas/techalerts/TA10-287A.html	third-party-advisory, x_refsource_CERT
	http://secunia.com/advisories/42377	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "43963",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/43963"
          },
          {
            "name": "oval:org.mitre.oval:def:12398",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12398"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "ADV-2010-3086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3086"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "TA10-287A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
          },
          {
            "name": "42377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42377"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM.  NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "43963",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/43963"
        },
        {
          "name": "oval:org.mitre.oval:def:12398",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12398"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "ADV-2010-3086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3086"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "TA10-287A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
        },
        {
          "name": "42377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42377"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3564",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM.  NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "43963",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/43963"
            },
            {
              "name": "oval:org.mitre.oval:def:12398",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12398"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
            },
            {
              "name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "ADV-2010-3086",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3086"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "TA10-287A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
            },
            {
              "name": "42377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42377"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3564",
    "datePublished": "2010-10-14T17:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3568

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12029	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/44012	vdb-entry, x_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12206	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0873.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=639876	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "oval:org.mitre.oval:def:12029",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12029"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "44012",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44012"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "oval:org.mitre.oval:def:12206",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12206"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "RHSA-2010:0873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "oval:org.mitre.oval:def:12029",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12029"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "44012",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44012"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "oval:org.mitre.oval:def:12206",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12206"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "RHSA-2010:0873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "oval:org.mitre.oval:def:12029",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12029"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:061",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "44012",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44012"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "RHSA-2010:0986",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "oval:org.mitre.oval:def:12206",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12206"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "RHSA-2010:0873",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639876",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639876"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "RHSA-2010:0786",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "41967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41967"
            },
            {
              "name": "RHSA-2010:0807",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "ADV-2010-2745",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2745"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3568",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3574

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.

References

▼	URL	Tags
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12462	vdb-entry, signature, x_refsource_OVAL
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2011/0134	vdb-entry, x_refsource_VUPEN
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2011/0143	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12367	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/44011	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=642215	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42432	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0873.html	vendor-advisory, x_refsource_REDHAT
	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3086	vdb-entry, x_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2010/3112	vdb-entry, x_refsource_VUPEN
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://secunia.com/advisories/42377	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2011-0152.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0935.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:12462",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12462"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "name": "ADV-2011-0134",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0134"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "ADV-2011-0143",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0143"
          },
          {
            "name": "oval:org.mitre.oval:def:12367",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12367"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "44011",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44011"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642215"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "42432",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42432"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "RHSA-2010:0873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "ADV-2010-3086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3086"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "ADV-2010-3112",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3112"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "42377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42377"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "name": "RHSA-2011:0152",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "RHSA-2010:0935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:12462",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12462"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "name": "ADV-2011-0134",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0134"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "ADV-2011-0143",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0143"
        },
        {
          "name": "oval:org.mitre.oval:def:12367",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12367"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "44011",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44011"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642215"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "42432",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42432"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "RHSA-2010:0873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "ADV-2010-3086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3086"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "ADV-2010-3112",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3112"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "42377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42377"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "name": "RHSA-2011:0152",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "RHSA-2010:0935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:12462",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12462"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "ADV-2011-0134",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0134"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "ADV-2011-0143",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0143"
            },
            {
              "name": "oval:org.mitre.oval:def:12367",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12367"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "44011",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44011"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=642215",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642215"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "42432",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42432"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "RHSA-2010:0873",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
            },
            {
              "name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "ADV-2010-3086",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3086"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "ADV-2010-3112",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3112"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "42377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42377"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "RHSA-2011:0152",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "41967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41967"
            },
            {
              "name": "RHSA-2010:0807",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
            },
            {
              "name": "RHSA-2010:0935",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3574",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3551

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12458	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0873.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11330	vdb-entry, signature, x_refsource_OVAL
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/44009	vdb-entry, x_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "oval:org.mitre.oval:def:12458",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12458"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "RHSA-2010:0873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11330",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11330"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "44009",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44009"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "oval:org.mitre.oval:def:12458",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12458"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "RHSA-2010:0873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11330",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11330"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "44009",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44009"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:061",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "oval:org.mitre.oval:def:12458",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12458"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "RHSA-2010:0986",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "RHSA-2010:0873",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11330",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11330"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "RHSA-2010:0786",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "41967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41967"
            },
            {
              "name": "RHSA-2010:0807",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
            },
            {
              "name": "44009",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44009"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "ADV-2010-2745",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2745"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3551",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3548

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0873.html	vendor-advisory, x_refsource_REDHAT
	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3086	vdb-entry, x_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14475	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/42377	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/44017	vdb-entry, x_refsource_BID
	https://bugzilla.redhat.com/show_bug.cgi?id=639909	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12426	vdb-entry, signature, x_refsource_OVAL
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "RHSA-2010:0873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "ADV-2010-3086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3086"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14475",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14475"
          },
          {
            "name": "42377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42377"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "44017",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44017"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639909"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "oval:org.mitre.oval:def:12426",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12426"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or \"otherwise-protected internal network names.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "RHSA-2010:0873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "ADV-2010-3086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3086"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "name": "oval:org.mitre.oval:def:14475",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14475"
        },
        {
          "name": "42377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42377"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "44017",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44017"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639909"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "oval:org.mitre.oval:def:12426",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12426"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or \"otherwise-protected internal network names.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:061",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "RHSA-2010:0986",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "RHSA-2010:0873",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
            },
            {
              "name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "ADV-2010-3086",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3086"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "RHSA-2010:0786",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14475",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14475"
            },
            {
              "name": "42377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42377"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "44017",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44017"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639909",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639909"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "41967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41967"
            },
            {
              "name": "RHSA-2010:0807",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "ADV-2010-2745",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2745"
            },
            {
              "name": "oval:org.mitre.oval:def:12426",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12426"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3548",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3554

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12189	vdb-entry, signature, x_refsource_OVAL
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=639880	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12449	vdb-entry, signature, x_refsource_OVAL
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3086	vdb-entry, x_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://secunia.com/advisories/42377	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/43994	vdb-entry, x_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12189",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12189"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
          },
          {
            "name": "oval:org.mitre.oval:def:12449",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12449"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "ADV-2010-3086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3086"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "42377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42377"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "43994",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/43994"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to \"permissions granted to certain system objects.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "oval:org.mitre.oval:def:12189",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12189"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
        },
        {
          "name": "oval:org.mitre.oval:def:12449",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12449"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "ADV-2010-3086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3086"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "42377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42377"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "43994",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/43994"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3554",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to \"permissions granted to certain system objects.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12189",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12189"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639880",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639880"
            },
            {
              "name": "oval:org.mitre.oval:def:12449",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12449"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "ADV-2010-3086",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3086"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "42377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42377"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "43994",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/43994"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3554",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3549

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11559	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=642180	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0873.html	vendor-advisory, x_refsource_REDHAT
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/44027	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14340	vdb-entry, signature, x_refsource_OVAL
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "oval:org.mitre.oval:def:11559",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11559"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642180"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "RHSA-2010:0873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "name": "44027",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44027"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14340",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14340"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "oval:org.mitre.oval:def:11559",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11559"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642180"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "RHSA-2010:0873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "name": "44027",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44027"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "oval:org.mitre.oval:def:14340",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14340"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3549",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:061",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "oval:org.mitre.oval:def:11559",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11559"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "RHSA-2010:0986",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=642180",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642180"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "RHSA-2010:0873",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "RHSA-2010:0786",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
            },
            {
              "name": "44027",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44027"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14340",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14340"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "41967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41967"
            },
            {
              "name": "RHSA-2010:0807",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "ADV-2010-2745",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2745"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3549",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3562

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=639897	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11893	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0873.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12450	vdb-entry, signature, x_refsource_OVAL
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/43979	vdb-entry, x_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639897"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11893",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11893"
          },
          {
            "name": "RHSA-2010:0873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12450",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12450"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "43979",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/43979"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639897"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11893",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11893"
        },
        {
          "name": "RHSA-2010:0873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
        },
        {
          "name": "oval:org.mitre.oval:def:12450",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12450"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "43979",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/43979"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3562",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:061",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639897",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639897"
            },
            {
              "name": "RHSA-2010:0986",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11893",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11893"
            },
            {
              "name": "RHSA-2010:0873",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12450",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12450"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "RHSA-2010:0786",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "41967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41967"
            },
            {
              "name": "RHSA-2010:0807",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
            },
            {
              "name": "43979",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/43979"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "ADV-2010-2745",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2745"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3562",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3573

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12220	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=642202	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0873.html	vendor-advisory, x_refsource_REDHAT
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11990	vdb-entry, signature, x_refsource_OVAL
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.433Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "oval:org.mitre.oval:def:12220",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12220"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "RHSA-2010:0873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "oval:org.mitre.oval:def:11990",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11990"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "oval:org.mitre.oval:def:12220",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12220"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "RHSA-2010:0873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "oval:org.mitre.oval:def:11990",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11990"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3573",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "oval:org.mitre.oval:def:12220",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12220"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=642202",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "RHSA-2010:0873",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "oval:org.mitre.oval:def:11990",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11990"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "41967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41967"
            },
            {
              "name": "RHSA-2010:0807",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3573",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3555

Vulnerability from cvelistv5

Published

2009-11-09 17:00

Modified

2024-08-07 06:31

Severity ?

Summary

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

References

▼	URL	Tags
	http://lists.apple.com/archives/security-announce/2010//May/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.securitytracker.com/id?1023427	vdb-entry, x_refsource_SECTRACK
	http://support.avaya.com/css/P8/documents/100081611	x_refsource_CONFIRM
	http://osvdb.org/62210	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/37640	third-party-advisory, x_refsource_SECUNIA
	http://www.arubanetworks.com/support/alerts/aid-020810.txt	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0916	vdb-entry, x_refsource_VUPEN
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0167.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2010/2010	vdb-entry, x_refsource_VUPEN
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/0086	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/1673	vdb-entry, x_refsource_VUPEN
	http://www.ietf.org/mail-archive/web/tls/current/msg03948.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/37656	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/39628	third-party-advisory, x_refsource_SECUNIA
	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42724	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/3310	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2009/3205	vdb-entry, x_refsource_VUPEN
	http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during	x_refsource_CONFIRM
	http://secunia.com/advisories/39461	third-party-advisory, x_refsource_SECUNIA
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://www.ingate.com/Relnote.php?ver=481	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023204	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/40866	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://www.us-cert.gov/cas/techalerts/TA10-222A.html	third-party-advisory, x_refsource_CERT
	http://www.securitytracker.com/id?1023211	vdb-entry, x_refsource_SECTRACK
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/39317	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023212	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/39127	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/40545	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3069	vdb-entry, x_refsource_VUPEN
	http://openbsd.org/errata45.html#010_openssl	vendor-advisory, x_refsource_OPENBSD
	http://www.securitytracker.com/id?1023210	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id?1023270	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/40070	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023273	vdb-entry, x_refsource_SECTRACK
	http://kbase.redhat.com/faq/docs/DOC-20491	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-927-5	vendor-advisory, x_refsource_UBUNTU
	http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247	vendor-advisory, x_refsource_AIXAPAR
	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:089	vendor-advisory, x_refsource_MANDRIVA
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://www.openssl.org/news/secadv_20091111.txt	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023275	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2015/dsa-3253	vendor-advisory, x_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2009/3484	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1023207	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/37859	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=142660345230545&w=2	vendor-advisory, x_refsource_HP
	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1	vendor-advisory, x_refsource_SUNALERT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/0848	vdb-entry, x_refsource_VUPEN
	http://www.openwall.com/lists/oss-security/2009/11/07/3	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/39819	third-party-advisory, x_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055	vendor-advisory, x_refsource_AIXAPAR
	http://www.links.org/?p=786	x_refsource_MISC
	http://osvdb.org/60521	vdb-entry, x_refsource_OSVDB
	http://www.openwall.com/lists/oss-security/2009/11/23/10	mailing-list, x_refsource_MLIST
	http://www.kb.cert.org/vuls/id/120541	third-party-advisory, x_refsource_CERT-VN
	http://www.securitytracker.com/id?1023217	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2009/3353	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/39136	third-party-advisory, x_refsource_SECUNIA
	http://www.openoffice.org/security/cves/CVE-2009-3555.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0032	vdb-entry, x_refsource_VUPEN
	http://securitytracker.com/id?1023148	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/36935	vdb-entry, x_refsource_BID
	http://www.tombom.co.uk/blog/?p=85	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=130497311408250&w=2	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2010/1107	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1023218	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2010/1350	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2010-0338.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/42379	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html	vendor-advisory, x_refsource_FEDORA
	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml	vendor-advisory, x_refsource_CISCO
	http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848	vendor-advisory, x_refsource_AIXAPAR
	http://www.securitytracker.com/id?1023213	vdb-entry, x_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/1793	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617	vdb-entry, signature, x_refsource_OVAL
	http://extendedsubset.com/?p=8	x_refsource_MISC
	http://secunia.com/advisories/37292	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/522176	vendor-advisory, x_refsource_HP
	https://exchange.xforce.ibmcloud.com/vulnerabilities/54158	vdb-entry, x_refsource_XF
	http://lists.apple.com/archives/security-announce/2010//May/msg00002.html	vendor-advisory, x_refsource_APPLE
	http://secunia.com/advisories/39278	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023205	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2010-0130.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=142660345230545&w=2	vendor-advisory, x_refsource_HP
	http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html	x_refsource_CONFIRM
	http://support.apple.com/kb/HT4004	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023215	vdb-entry, x_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id?1023206	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	vendor-advisory, x_refsource_SUSE
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200912-01.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=127419602507642&w=2	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2009/3313	vdb-entry, x_refsource_VUPEN
	http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1	vendor-advisory, x_refsource_SUNALERT
	http://www.securitytracker.com/id?1023208	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/43308	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023214	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/38781	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=133469267822771&w=2	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=127419602507642&w=2	vendor-advisory, x_refsource_HP
	http://www.debian.org/security/2009/dsa-1934	vendor-advisory, x_refsource_DEBIAN
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html	vendor-advisory, x_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478	vdb-entry, signature, x_refsource_OVAL
	http://www.securitytracker.com/id?1023271	vdb-entry, x_refsource_SECTRACK
	http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html	vendor-advisory, x_refsource_APPLE
	http://marc.info/?l=cryptography&m=125752275331877&w=2	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/42467	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/508130/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315	vdb-entry, signature, x_refsource_OVAL
	http://www.securitytracker.com/id?1023224	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-927-4	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/41490	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/508075/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1023243	vdb-entry, x_refsource_SECTRACK
	http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html	x_refsource_MISC
	http://secunia.com/advisories/37504	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1023219	vdb-entry, x_refsource_SECTRACK
	http://sysoev.ru/nginx/patch.cve-2009-3555.txt	x_refsource_CONFIRM
	http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html	x_refsource_MISC
	http://www.securitytracker.com/id?1023163	vdb-entry, x_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=132077688910227&w=2	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2009/3521	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973	vdb-entry, signature, x_refsource_OVAL
	http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995	vendor-advisory, x_refsource_HP
	http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=533125	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/44183	third-party-advisory, x_refsource_SECUNIA
	http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES	x_refsource_CONFIRM
	http://secunia.com/advisories/42808	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/39500	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578	vdb-entry, signature, x_refsource_OVAL
	http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/3220	vdb-entry, x_refsource_VUPEN
	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=127557596201693&w=2	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0165.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/archive/1/515055/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.mozilla.org/show_bug.cgi?id=545755	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg21426108	x_refsource_CONFIRM
	http://blogs.iss.net/archive/sslmitmiscsrf.html	x_refsource_MISC
	http://www.securitytracker.com/id?1023411	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2010-0339.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2009/3164	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/37383	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	http://www.ietf.org/mail-archive/web/tls/current/msg03928.html	mailing-list, x_refsource_MLIST
	http://marc.info/?l=bugtraq&m=127557596201693&w=2	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100070150	x_refsource_CONFIRM
	http://secunia.com/advisories/40747	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=126150535619567&w=2	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/archive/1/522176	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/39292	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42816	third-party-advisory, x_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054	vendor-advisory, x_refsource_AIXAPAR
	http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1	vendor-advisory, x_refsource_SUNALERT
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html	vendor-advisory, x_refsource_FEDORA
	http://www-01.ibm.com/support/docview.wss?uid=swg21432298	x_refsource_CONFIRM
	http://extendedsubset.com/Renegotiating_TLS.pdf	x_refsource_MISC
	http://www-01.ibm.com/support/docview.wss?uid=swg24025312	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg24006386	x_refsource_CONFIRM
	http://support.apple.com/kb/HT4170	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/507952/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1023209	vdb-entry, x_refsource_SECTRACK
	http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only	vendor-advisory, x_refsource_AIXAPAR
	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=130497311408250&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/48577	third-party-advisory, x_refsource_SECUNIA
	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446	vendor-advisory, x_refsource_SLACKWARE
	http://www.links.org/?p=789	x_refsource_MISC
	http://www.opera.com/docs/changelogs/unix/1060/	x_refsource_CONFIRM
	http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2009/11/06/3	mailing-list, x_refsource_MLIST
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html	vendor-advisory, x_refsource_FEDORA
	http://wiki.rpath.com/Advisories:rPSA-2009-0155	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://support.citrix.com/article/CTX123359	x_refsource_CONFIRM
	http://secunia.com/advisories/37501	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:076	vendor-advisory, x_refsource_MANDRIVA
	http://marc.info/?l=bugtraq&m=127128920008563&w=2	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2009/3587	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/39632	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=126150535619567&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/38687	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.mozilla.org/show_bug.cgi?id=526689	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049	vendor-advisory, x_refsource_MS
	http://www.vupen.com/english/advisories/2010/0982	vdb-entry, x_refsource_VUPEN
	http://marc.info/?l=bugtraq&m=133469267822771&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/37399	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-927-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id?1023272	vdb-entry, x_refsource_SECTRACK
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/3126	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/37320	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/3165	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/1639	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/38020	third-party-advisory, x_refsource_SECUNIA
	http://ubuntu.com/usn/usn-923-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/39243	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/37453	third-party-advisory, x_refsource_SECUNIA
	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0933	vdb-entry, x_refsource_VUPEN
	http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995	vendor-advisory, x_refsource_HP
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3086	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2011/dsa-2141	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id?1024789	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2010-0155.html	vendor-advisory, x_refsource_REDHAT
	http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2011/0033	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2010-0337.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id?1023216	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/41480	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2011/0086	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/41818	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/37604	third-party-advisory, x_refsource_SECUNIA
	http://www.opera.com/support/search/view/944/	x_refsource_CONFIRM
	http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.us-cert.gov/cas/techalerts/TA10-287A.html	third-party-advisory, x_refsource_CERT
	http://www.links.org/?p=780	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2010-0119.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/38056	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/0748	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/37675	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535	vdb-entry, signature, x_refsource_OVAL
	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=127128920008563&w=2	vendor-advisory, x_refsource_HP
	http://www.vmware.com/security/advisories/VMSA-2010-0019.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt	x_refsource_MISC
	http://secunia.com/advisories/38003	third-party-advisory, x_refsource_SECUNIA
	http://support.apple.com/kb/HT4171	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023428	vdb-entry, x_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=132077688910227&w=2	vendor-advisory, x_refsource_HP
	http://www.openwall.com/lists/oss-security/2009/11/20/1	mailing-list, x_refsource_MLIST
	http://www.vupen.com/english/advisories/2009/3354	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1023274	vdb-entry, x_refsource_SECTRACK
	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/39242	third-party-advisory, x_refsource_SECUNIA
	https://kb.bluecoat.com/index?page=content&id=SA50	x_refsource_CONFIRM
	http://secunia.com/advisories/38241	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42377	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-201203-22.xml	vendor-advisory, x_refsource_GENTOO
	http://www.openwall.com/lists/oss-security/2009/11/05/3	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://osvdb.org/60972	vdb-entry, x_refsource_OSVDB
	http://www.securitytracker.com/id?1023426	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/38484	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:084	vendor-advisory, x_refsource_MANDRIVA
	http://www.betanews.com/article/1257452450	x_refsource_MISC
	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1	vendor-advisory, x_refsource_SUNALERT
	http://www.mozilla.org/security/announce/2010/mfsa2010-22.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://openbsd.org/errata46.html#004_openssl	vendor-advisory, x_refsource_OPENBSD
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2010/1191	vdb-entry, x_refsource_VUPEN
	http://seclists.org/fulldisclosure/2009/Nov/139	mailing-list, x_refsource_FULLDISC
	https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2009/11/05/5	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/39713	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42733	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/37291	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1	vendor-advisory, x_refsource_SUNALERT
	http://www.vupen.com/english/advisories/2010/0994	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/0173	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/1054	vdb-entry, x_refsource_VUPEN
	http://osvdb.org/65202	vdb-entry, x_refsource_OSVDB
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041	vendor-advisory, x_refsource_HP
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA
	http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html	mailing-list, x_refsource_MLIST
	http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html	mailing-list, x_refsource_BUGTRAQ
	http://clicky.me/tlsvuln	x_refsource_MISC
	http://secunia.com/advisories/42811	third-party-advisory, x_refsource_SECUNIA
	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-05-18-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
          },
          {
            "name": "1023427",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023427"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100081611"
          },
          {
            "name": "62210",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/62210"
          },
          {
            "name": "37640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
          },
          {
            "name": "ADV-2010-0916",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0167",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html"
          },
          {
            "name": "ADV-2010-2010",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2010"
          },
          {
            "name": "FEDORA-2009-12750",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"
          },
          {
            "name": "ADV-2010-0086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0086"
          },
          {
            "name": "ADV-2010-1673",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1673"
          },
          {
            "name": "[tls] 20091104 TLS renegotiation issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
          },
          {
            "name": "37656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37656"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "name": "39628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39628"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "ADV-2009-3310",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3310"
          },
          {
            "name": "ADV-2009-3205",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
          },
          {
            "name": "39461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39461"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingate.com/Relnote.php?ver=481"
          },
          {
            "name": "1023204",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023204"
          },
          {
            "name": "40866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40866"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "TA10-222A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "name": "1023211",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023211"
          },
          {
            "name": "SSRT090249",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
          },
          {
            "name": "39317",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39317"
          },
          {
            "name": "1023212",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023212"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "39127",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39127"
          },
          {
            "name": "40545",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40545"
          },
          {
            "name": "ADV-2010-3069",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3069"
          },
          {
            "name": "[4.5] 010: SECURITY FIX: November 26, 2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata45.html#010_openssl"
          },
          {
            "name": "1023210",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023210"
          },
          {
            "name": "1023270",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023270"
          },
          {
            "name": "40070",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40070"
          },
          {
            "name": "1023273",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023273"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kbase.redhat.com/faq/docs/DOC-20491"
          },
          {
            "name": "USN-927-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-5"
          },
          {
            "name": "PM12247",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
          },
          {
            "name": "SUSE-SU-2011:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
          },
          {
            "name": "MDVSA-2010:089",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20091111.txt"
          },
          {
            "name": "1023275",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023275"
          },
          {
            "name": "DSA-3253",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3253"
          },
          {
            "name": "ADV-2009-3484",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3484"
          },
          {
            "name": "1023207",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023207"
          },
          {
            "name": "37859",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37859"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "1021752",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
          },
          {
            "name": "FEDORA-2010-6131",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"
          },
          {
            "name": "ADV-2010-0848",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0848"
          },
          {
            "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
          },
          {
            "name": "39819",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39819"
          },
          {
            "name": "IC68055",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=786"
          },
          {
            "name": "60521",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60521"
          },
          {
            "name": "[oss-security] 20091123 Re: CVEs for nginx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
          },
          {
            "name": "VU#120541",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/120541"
          },
          {
            "name": "1023217",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023217"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "ADV-2009-3353",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3353"
          },
          {
            "name": "FEDORA-2010-5357",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
          },
          {
            "name": "39136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39136"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html"
          },
          {
            "name": "ADV-2011-0032",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0032"
          },
          {
            "name": "1023148",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023148"
          },
          {
            "name": "openSUSE-SU-2011:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
          },
          {
            "name": "36935",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tombom.co.uk/blog/?p=85"
          },
          {
            "name": "SSRT090208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "1023218",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023218"
          },
          {
            "name": "ADV-2010-1350",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1350"
          },
          {
            "name": "RHSA-2010:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
          },
          {
            "name": "42379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42379"
          },
          {
            "name": "FEDORA-2009-12775",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"
          },
          {
            "name": "20091109 Transport Layer Security Renegotiation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"
          },
          {
            "name": "IC67848",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"
          },
          {
            "name": "1023213",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023213"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "ADV-2010-1793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1793"
          },
          {
            "name": "oval:org.mitre.oval:def:11617",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://extendedsubset.com/?p=8"
          },
          {
            "name": "37292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37292"
          },
          {
            "name": "SSRT100817",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "tls-renegotiation-weak-security(54158)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
          },
          {
            "name": "APPLE-SA-2010-05-18-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
          },
          {
            "name": "39278",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39278"
          },
          {
            "name": "1023205",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023205"
          },
          {
            "name": "RHSA-2010:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html"
          },
          {
            "name": "HPSBUX02482",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1023215",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023215"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "1023206",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023206"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "SSRT090180",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
          },
          {
            "name": "ADV-2009-3313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3313"
          },
          {
            "name": "274990",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
          },
          {
            "name": "1023208",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023208"
          },
          {
            "name": "43308",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43308"
          },
          {
            "name": "1023214",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023214"
          },
          {
            "name": "SUSE-SA:2009:057",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
          },
          {
            "name": "38781",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38781"
          },
          {
            "name": "HPSBOV02762",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "HPSBMA02534",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
          },
          {
            "name": "DSA-1934",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1934"
          },
          {
            "name": "FEDORA-2009-12782",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7478",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478"
          },
          {
            "name": "1023271",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023271"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "[cryptography] 20091105 OpenSSL 0.9.8l released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
          },
          {
            "name": "42467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42467"
          },
          {
            "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:7315",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315"
          },
          {
            "name": "1023224",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023224"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "name": "USN-927-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-4"
          },
          {
            "name": "41490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41490"
          },
          {
            "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
          },
          {
            "name": "1023243",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023243"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
          },
          {
            "name": "37504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37504"
          },
          {
            "name": "1023219",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023219"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
          },
          {
            "name": "1023163",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023163"
          },
          {
            "name": "HPSBHF02706",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "name": "ADV-2009-3521",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3521"
          },
          {
            "name": "oval:org.mitre.oval:def:7973",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973"
          },
          {
            "name": "HPSBMA02568",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
          },
          {
            "name": "oval:org.mitre.oval:def:10088",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088"
          },
          {
            "name": "44183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
          },
          {
            "name": "42808",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42808"
          },
          {
            "name": "39500",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39500"
          },
          {
            "name": "oval:org.mitre.oval:def:11578",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
          },
          {
            "name": "ADV-2009-3220",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3220"
          },
          {
            "name": "SSRT100179",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
          },
          {
            "name": "SSRT100089",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
          },
          {
            "name": "RHSA-2010:0165",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html"
          },
          {
            "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
          },
          {
            "name": "1023411",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023411"
          },
          {
            "name": "RHSA-2010:0339",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "ADV-2009-3164",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3164"
          },
          {
            "name": "37383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37383"
          },
          {
            "name": "FEDORA-2009-12229",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
          },
          {
            "name": "HPSBUX02524",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100070150"
          },
          {
            "name": "40747",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40747"
          },
          {
            "name": "HPSBUX02498",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
          },
          {
            "name": "HPSBMU02759",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "39292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39292"
          },
          {
            "name": "42816",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42816"
          },
          {
            "name": "IC68054",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"
          },
          {
            "name": "273029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
          },
          {
            "name": "FEDORA-2009-12604",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://extendedsubset.com/Renegotiating_TLS.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4170"
          },
          {
            "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
          },
          {
            "name": "1023209",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023209"
          },
          {
            "name": "PM00675",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
          },
          {
            "name": "HPSBOV02683",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "48577",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48577"
          },
          {
            "name": "SSA:2009-320-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/docs/changelogs/unix/1060/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "name": "SUSE-SR:2010:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
          },
          {
            "name": "FEDORA-2009-12305",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155"
          },
          {
            "name": "SUSE-SR:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX123359"
          },
          {
            "name": "37501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37501"
          },
          {
            "name": "MDVSA-2010:076",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "ADV-2009-3587",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3587"
          },
          {
            "name": "39632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39632"
          },
          {
            "name": "SSRT090264",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
          },
          {
            "name": "38687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38687"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
          },
          {
            "name": "MS10-049",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
          },
          {
            "name": "ADV-2010-0982",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0982"
          },
          {
            "name": "SSRT100825",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "37399",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37399"
          },
          {
            "name": "USN-927-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-1"
          },
          {
            "name": "1023272",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023272"
          },
          {
            "name": "FEDORA-2009-12606",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"
          },
          {
            "name": "ADV-2010-3126",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3126"
          },
          {
            "name": "37320",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37320"
          },
          {
            "name": "ADV-2009-3165",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3165"
          },
          {
            "name": "ADV-2010-1639",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1639"
          },
          {
            "name": "38020",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38020"
          },
          {
            "name": "USN-923-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-923-1"
          },
          {
            "name": "39243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39243"
          },
          {
            "name": "oval:org.mitre.oval:def:8366",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366"
          },
          {
            "name": "37453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
          },
          {
            "name": "ADV-2010-0933",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0933"
          },
          {
            "name": "SSRT100219",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "ADV-2010-3086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3086"
          },
          {
            "name": "DSA-2141",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2141"
          },
          {
            "name": "1024789",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024789"
          },
          {
            "name": "RHSA-2010:0155",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
          },
          {
            "name": "ADV-2011-0033",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0033"
          },
          {
            "name": "RHSA-2010:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
          },
          {
            "name": "1023216",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023216"
          },
          {
            "name": "41480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41480"
          },
          {
            "name": "ADV-2011-0086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0086"
          },
          {
            "name": "41818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41818"
          },
          {
            "name": "37604",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37604"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/search/view/944/"
          },
          {
            "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
          },
          {
            "name": "SUSE-SR:2010:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
          },
          {
            "name": "TA10-287A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=780"
          },
          {
            "name": "RHSA-2010:0119",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
          },
          {
            "name": "38056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38056"
          },
          {
            "name": "ADV-2010-0748",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0748"
          },
          {
            "name": "37675",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37675"
          },
          {
            "name": "oval:org.mitre.oval:def:8535",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535"
          },
          {
            "name": "HPSBMA02547",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
          },
          {
            "name": "38003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4171"
          },
          {
            "name": "1023428",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023428"
          },
          {
            "name": "SSRT100613",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "name": "[oss-security] 20091120 CVEs for nginx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
          },
          {
            "name": "ADV-2009-3354",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3354"
          },
          {
            "name": "1023274",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023274"
          },
          {
            "name": "FEDORA-2009-12968",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"
          },
          {
            "name": "39242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39242"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "38241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "42377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42377"
          },
          {
            "name": "GLSA-201203-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
          },
          {
            "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "name": "60972",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60972"
          },
          {
            "name": "1023426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023426"
          },
          {
            "name": "38484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38484"
          },
          {
            "name": "MDVSA-2010:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.betanews.com/article/1257452450"
          },
          {
            "name": "1021653",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "[4.6] 004: SECURITY FIX: November 26, 2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata46.html#004_openssl"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "ADV-2010-1191",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1191"
          },
          {
            "name": "20091111 Re: SSL/TLS MiTM PoC",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2009/Nov/139"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
          },
          {
            "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
          },
          {
            "name": "39713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39713"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "37291",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37291"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "FEDORA-2010-5942",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "273350",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
          },
          {
            "name": "ADV-2010-0994",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0994"
          },
          {
            "name": "ADV-2010-0173",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          },
          {
            "name": "ADV-2010-1054",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1054"
          },
          {
            "name": "65202",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/65202"
          },
          {
            "name": "HPSBGN02562",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          },
          {
            "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
          },
          {
            "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://clicky.me/tlsvuln"
          },
          {
            "name": "42811",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42811"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:08:08",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-05-18-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
        },
        {
          "name": "1023427",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023427"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100081611"
        },
        {
          "name": "62210",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/62210"
        },
        {
          "name": "37640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
        },
        {
          "name": "ADV-2010-0916",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0167",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html"
        },
        {
          "name": "ADV-2010-2010",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2010"
        },
        {
          "name": "FEDORA-2009-12750",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"
        },
        {
          "name": "ADV-2010-0086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0086"
        },
        {
          "name": "ADV-2010-1673",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1673"
        },
        {
          "name": "[tls] 20091104 TLS renegotiation issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
        },
        {
          "name": "37656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37656"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "name": "39628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39628"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "ADV-2009-3310",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3310"
        },
        {
          "name": "ADV-2009-3205",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
        },
        {
          "name": "39461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39461"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingate.com/Relnote.php?ver=481"
        },
        {
          "name": "1023204",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023204"
        },
        {
          "name": "40866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40866"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "TA10-222A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
        },
        {
          "name": "1023211",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023211"
        },
        {
          "name": "SSRT090249",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
        },
        {
          "name": "39317",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39317"
        },
        {
          "name": "1023212",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023212"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "39127",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39127"
        },
        {
          "name": "40545",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40545"
        },
        {
          "name": "ADV-2010-3069",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3069"
        },
        {
          "name": "[4.5] 010: SECURITY FIX: November 26, 2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata45.html#010_openssl"
        },
        {
          "name": "1023210",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023210"
        },
        {
          "name": "1023270",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023270"
        },
        {
          "name": "40070",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40070"
        },
        {
          "name": "1023273",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023273"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kbase.redhat.com/faq/docs/DOC-20491"
        },
        {
          "name": "USN-927-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-5"
        },
        {
          "name": "PM12247",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
        },
        {
          "name": "SUSE-SU-2011:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
        },
        {
          "name": "MDVSA-2010:089",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20091111.txt"
        },
        {
          "name": "1023275",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023275"
        },
        {
          "name": "DSA-3253",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3253"
        },
        {
          "name": "ADV-2009-3484",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3484"
        },
        {
          "name": "1023207",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023207"
        },
        {
          "name": "37859",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37859"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "1021752",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
        },
        {
          "name": "FEDORA-2010-6131",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"
        },
        {
          "name": "ADV-2010-0848",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0848"
        },
        {
          "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
        },
        {
          "name": "39819",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39819"
        },
        {
          "name": "IC68055",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=786"
        },
        {
          "name": "60521",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60521"
        },
        {
          "name": "[oss-security] 20091123 Re: CVEs for nginx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
        },
        {
          "name": "VU#120541",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/120541"
        },
        {
          "name": "1023217",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023217"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "ADV-2009-3353",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3353"
        },
        {
          "name": "FEDORA-2010-5357",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
        },
        {
          "name": "39136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39136"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html"
        },
        {
          "name": "ADV-2011-0032",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0032"
        },
        {
          "name": "1023148",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023148"
        },
        {
          "name": "openSUSE-SU-2011:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
        },
        {
          "name": "36935",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tombom.co.uk/blog/?p=85"
        },
        {
          "name": "SSRT090208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "1023218",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023218"
        },
        {
          "name": "ADV-2010-1350",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1350"
        },
        {
          "name": "RHSA-2010:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
        },
        {
          "name": "42379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42379"
        },
        {
          "name": "FEDORA-2009-12775",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"
        },
        {
          "name": "20091109 Transport Layer Security Renegotiation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"
        },
        {
          "name": "IC67848",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"
        },
        {
          "name": "1023213",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023213"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "ADV-2010-1793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1793"
        },
        {
          "name": "oval:org.mitre.oval:def:11617",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://extendedsubset.com/?p=8"
        },
        {
          "name": "37292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37292"
        },
        {
          "name": "SSRT100817",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "tls-renegotiation-weak-security(54158)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
        },
        {
          "name": "APPLE-SA-2010-05-18-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
        },
        {
          "name": "39278",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39278"
        },
        {
          "name": "1023205",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023205"
        },
        {
          "name": "RHSA-2010:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html"
        },
        {
          "name": "HPSBUX02482",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4004"
        },
        {
          "name": "1023215",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023215"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "1023206",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023206"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "SSRT090180",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
        },
        {
          "name": "ADV-2009-3313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3313"
        },
        {
          "name": "274990",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
        },
        {
          "name": "1023208",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023208"
        },
        {
          "name": "43308",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43308"
        },
        {
          "name": "1023214",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023214"
        },
        {
          "name": "SUSE-SA:2009:057",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
        },
        {
          "name": "38781",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38781"
        },
        {
          "name": "HPSBOV02762",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
        },
        {
          "name": "HPSBMA02534",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
        },
        {
          "name": "DSA-1934",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1934"
        },
        {
          "name": "FEDORA-2009-12782",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7478",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478"
        },
        {
          "name": "1023271",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023271"
        },
        {
          "name": "APPLE-SA-2010-01-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
        },
        {
          "name": "[cryptography] 20091105 OpenSSL 0.9.8l released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
        },
        {
          "name": "42467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42467"
        },
        {
          "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:7315",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315"
        },
        {
          "name": "1023224",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023224"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "name": "USN-927-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-4"
        },
        {
          "name": "41490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41490"
        },
        {
          "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
        },
        {
          "name": "1023243",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023243"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
        },
        {
          "name": "37504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37504"
        },
        {
          "name": "1023219",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023219"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
        },
        {
          "name": "1023163",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023163"
        },
        {
          "name": "HPSBHF02706",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "name": "ADV-2009-3521",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3521"
        },
        {
          "name": "oval:org.mitre.oval:def:7973",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973"
        },
        {
          "name": "HPSBMA02568",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
        },
        {
          "name": "oval:org.mitre.oval:def:10088",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088"
        },
        {
          "name": "44183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
        },
        {
          "name": "42808",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42808"
        },
        {
          "name": "39500",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39500"
        },
        {
          "name": "oval:org.mitre.oval:def:11578",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
        },
        {
          "name": "ADV-2009-3220",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3220"
        },
        {
          "name": "SSRT100179",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
        },
        {
          "name": "SSRT100089",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
        },
        {
          "name": "RHSA-2010:0165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html"
        },
        {
          "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
        },
        {
          "name": "1023411",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023411"
        },
        {
          "name": "RHSA-2010:0339",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "ADV-2009-3164",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3164"
        },
        {
          "name": "37383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37383"
        },
        {
          "name": "FEDORA-2009-12229",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
        },
        {
          "name": "HPSBUX02524",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100070150"
        },
        {
          "name": "40747",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40747"
        },
        {
          "name": "HPSBUX02498",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
        },
        {
          "name": "HPSBMU02759",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "39292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39292"
        },
        {
          "name": "42816",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42816"
        },
        {
          "name": "IC68054",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"
        },
        {
          "name": "273029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
        },
        {
          "name": "FEDORA-2009-12604",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://extendedsubset.com/Renegotiating_TLS.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4170"
        },
        {
          "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
        },
        {
          "name": "1023209",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023209"
        },
        {
          "name": "PM00675",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
        },
        {
          "name": "HPSBOV02683",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "48577",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48577"
        },
        {
          "name": "SSA:2009-320-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/docs/changelogs/unix/1060/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "name": "SUSE-SR:2010:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
        },
        {
          "name": "FEDORA-2009-12305",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155"
        },
        {
          "name": "SUSE-SR:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX123359"
        },
        {
          "name": "37501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37501"
        },
        {
          "name": "MDVSA-2010:076",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "ADV-2009-3587",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3587"
        },
        {
          "name": "39632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39632"
        },
        {
          "name": "SSRT090264",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
        },
        {
          "name": "38687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38687"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
        },
        {
          "name": "MS10-049",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
        },
        {
          "name": "ADV-2010-0982",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0982"
        },
        {
          "name": "SSRT100825",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
        },
        {
          "name": "37399",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37399"
        },
        {
          "name": "USN-927-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-1"
        },
        {
          "name": "1023272",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023272"
        },
        {
          "name": "FEDORA-2009-12606",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"
        },
        {
          "name": "ADV-2010-3126",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3126"
        },
        {
          "name": "37320",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37320"
        },
        {
          "name": "ADV-2009-3165",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3165"
        },
        {
          "name": "ADV-2010-1639",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1639"
        },
        {
          "name": "38020",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38020"
        },
        {
          "name": "USN-923-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-923-1"
        },
        {
          "name": "39243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39243"
        },
        {
          "name": "oval:org.mitre.oval:def:8366",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366"
        },
        {
          "name": "37453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
        },
        {
          "name": "ADV-2010-0933",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0933"
        },
        {
          "name": "SSRT100219",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "ADV-2010-3086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3086"
        },
        {
          "name": "DSA-2141",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2141"
        },
        {
          "name": "1024789",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024789"
        },
        {
          "name": "RHSA-2010:0155",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
        },
        {
          "name": "ADV-2011-0033",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0033"
        },
        {
          "name": "RHSA-2010:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
        },
        {
          "name": "1023216",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023216"
        },
        {
          "name": "41480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41480"
        },
        {
          "name": "ADV-2011-0086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0086"
        },
        {
          "name": "41818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41818"
        },
        {
          "name": "37604",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37604"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/search/view/944/"
        },
        {
          "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
        },
        {
          "name": "SUSE-SR:2010:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
        },
        {
          "name": "TA10-287A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=780"
        },
        {
          "name": "RHSA-2010:0119",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
        },
        {
          "name": "38056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38056"
        },
        {
          "name": "ADV-2010-0748",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0748"
        },
        {
          "name": "37675",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37675"
        },
        {
          "name": "oval:org.mitre.oval:def:8535",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535"
        },
        {
          "name": "HPSBMA02547",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
        },
        {
          "name": "38003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4171"
        },
        {
          "name": "1023428",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023428"
        },
        {
          "name": "SSRT100613",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "name": "[oss-security] 20091120 CVEs for nginx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
        },
        {
          "name": "ADV-2009-3354",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3354"
        },
        {
          "name": "1023274",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023274"
        },
        {
          "name": "FEDORA-2009-12968",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"
        },
        {
          "name": "39242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39242"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "38241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38241"
        },
        {
          "name": "42377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42377"
        },
        {
          "name": "GLSA-201203-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
        },
        {
          "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "name": "60972",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60972"
        },
        {
          "name": "1023426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023426"
        },
        {
          "name": "38484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38484"
        },
        {
          "name": "MDVSA-2010:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.betanews.com/article/1257452450"
        },
        {
          "name": "1021653",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "[4.6] 004: SECURITY FIX: November 26, 2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata46.html#004_openssl"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "ADV-2010-1191",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1191"
        },
        {
          "name": "20091111 Re: SSL/TLS MiTM PoC",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2009/Nov/139"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
        },
        {
          "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
        },
        {
          "name": "39713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39713"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "37291",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37291"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "FEDORA-2010-5942",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "273350",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
        },
        {
          "name": "ADV-2010-0994",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0994"
        },
        {
          "name": "ADV-2010-0173",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0173"
        },
        {
          "name": "ADV-2010-1054",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1054"
        },
        {
          "name": "65202",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/65202"
        },
        {
          "name": "HPSBGN02562",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        },
        {
          "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
        },
        {
          "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://clicky.me/tlsvuln"
        },
        {
          "name": "42811",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42811"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-3555",
    "datePublished": "2009-11-09T17:00:00",
    "dateReserved": "2009-10-05T00:00:00",
    "dateUpdated": "2024-08-07T06:31:10.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3541

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/44032	vdb-entry, x_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14354	vdb-entry, signature, x_refsource_OVAL
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12491	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=642202	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0873.html	vendor-advisory, x_refsource_REDHAT
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "44032",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44032"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14354",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14354"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "oval:org.mitre.oval:def:12491",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12491"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "RHSA-2010:0873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "44032",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44032"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "oval:org.mitre.oval:def:14354",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14354"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "oval:org.mitre.oval:def:12491",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12491"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "RHSA-2010:0873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3541",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:061",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
            },
            {
              "name": "44032",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44032"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14354",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14354"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "oval:org.mitre.oval:def:12491",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12491"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "RHSA-2010:0986",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=642202",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642202"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "RHSA-2010:0873",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "RHSA-2010:0786",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "41967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41967"
            },
            {
              "name": "RHSA-2010:0807",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "ADV-2010-2745",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2745"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3541",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3567

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11714	vdb-entry, signature, x_refsource_OVAL
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/bid/43992	vdb-entry, x_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12153	vdb-entry, signature, x_refsource_OVAL
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3086	vdb-entry, x_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	https://bugzilla.redhat.com/show_bug.cgi?id=642197	x_refsource_CONFIRM
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://secunia.com/advisories/42377	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11714",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11714"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "43992",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/43992"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12153",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12153"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "ADV-2010-3086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3086"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642197"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "42377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42377"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11714",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11714"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "43992",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/43992"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "oval:org.mitre.oval:def:12153",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12153"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "ADV-2010-3086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3086"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642197"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "42377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42377"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11714",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11714"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "43992",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/43992"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12153",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12153"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "ADV-2010-3086",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3086"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=642197",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642197"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "42377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42377"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3567",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3569

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12234	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12226	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0873.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=639925	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/41967	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2010-0807.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "oval:org.mitre.oval:def:12234",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12234"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12226",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12226"
          },
          {
            "name": "RHSA-2010:0873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639925"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "oval:org.mitre.oval:def:12234",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12234"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "oval:org.mitre.oval:def:12226",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12226"
        },
        {
          "name": "RHSA-2010:0873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639925"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3569",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:061",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "oval:org.mitre.oval:def:12234",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12234"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "RHSA-2010:0986",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12226",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12226"
            },
            {
              "name": "RHSA-2010:0873",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639925",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639925"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "RHSA-2010:0786",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "41967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41967"
            },
            {
              "name": "RHSA-2010:0807",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "ADV-2010-2745",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2745"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3569",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3553

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2011/0183	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11798	vdb-entry, signature, x_refsource_OVAL
	http://www.securityfocus.com/bid/44035	vdb-entry, x_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2011-0169.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12545	vdb-entry, signature, x_refsource_OVAL
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/43005	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "ADV-2011-0183",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0183"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "oval:org.mitre.oval:def:11798",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11798"
          },
          {
            "name": "44035",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44035"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "RHSA-2011:0169",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0169.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12545",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12545"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "name": "43005",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43005"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "ADV-2011-0183",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0183"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "oval:org.mitre.oval:def:11798",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11798"
        },
        {
          "name": "44035",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44035"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "RHSA-2011:0169",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0169.html"
        },
        {
          "name": "oval:org.mitre.oval:def:12545",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12545"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "name": "43005",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43005"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3553",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:061",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "ADV-2011-0183",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0183"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "RHSA-2010:0986",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "oval:org.mitre.oval:def:11798",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11798"
            },
            {
              "name": "44035",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44035"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "RHSA-2011:0169",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0169.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12545",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12545"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "RHSA-2010:0786",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
            },
            {
              "name": "43005",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43005"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "ADV-2010-2745",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2745"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3553",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3557

Vulnerability from cvelistv5

Published

2010-10-19 21:00

Modified

2024-08-07 03:11

Severity ?

Summary

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."

References

▼	URL	Tags
	http://support.avaya.com/css/P8/documents/100114327	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0865.html	vendor-advisory, x_refsource_REDHAT
	http://support.avaya.com/css/P8/documents/100114315	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/44014	vdb-entry, x_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2010-0770.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://www.redhat.com/support/errata/RHSA-2010-0768.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2011/0183	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11268	vdb-entry, signature, x_refsource_OVAL
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1010-1	vendor-advisory, x_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11930	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0987.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2010-0986.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/44954	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=639904	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2011-0880.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2011-0169.html	vendor-advisory, x_refsource_REDHAT
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/42974	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/41972	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748	vendor-advisory, x_refsource_HP
	http://support.avaya.com/css/P8/documents/100123193	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0786.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/43005	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/2745	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html	vendor-advisory, x_refsource_FEDORA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "44014",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44014"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "name": "SSRT100333",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "ADV-2011-0183",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0183"
          },
          {
            "name": "oval:org.mitre.oval:def:11268",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11268"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "oval:org.mitre.oval:def:11930",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11930"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "RHSA-2011:0169",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0169.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "42974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42974"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "HPSBUX02608",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100123193"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "name": "43005",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43005"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of \"behavior and state of certain JDK classes\" and \"mutable static.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "44014",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44014"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "name": "SSRT100333",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "ADV-2011-0183",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0183"
        },
        {
          "name": "oval:org.mitre.oval:def:11268",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11268"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "oval:org.mitre.oval:def:11930",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11930"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "RHSA-2011:0169",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0169.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "42974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42974"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "HPSBUX02608",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100123193"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "name": "43005",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43005"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of \"behavior and state of certain JDK classes\" and \"mutable static.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.avaya.com/css/P8/documents/100114327",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114327"
            },
            {
              "name": "RHSA-2010:0865",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100114315",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100114315"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "SUSE-SA:2010:061",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
            },
            {
              "name": "44014",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44014"
            },
            {
              "name": "RHSA-2010:0770",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
            },
            {
              "name": "SSRT100333",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "RHSA-2010:0768",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
            },
            {
              "name": "ADV-2011-0183",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0183"
            },
            {
              "name": "oval:org.mitre.oval:def:11268",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11268"
            },
            {
              "name": "FEDORA-2010-16240",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
            },
            {
              "name": "USN-1010-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1010-1"
            },
            {
              "name": "oval:org.mitre.oval:def:11930",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11930"
            },
            {
              "name": "RHSA-2010:0987",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
            },
            {
              "name": "RHSA-2010:0986",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
            },
            {
              "name": "44954",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44954"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=639904",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639904"
            },
            {
              "name": "RHSA-2011:0880",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
            },
            {
              "name": "RHSA-2011:0169",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0169.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "42974",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42974"
            },
            {
              "name": "41972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41972"
            },
            {
              "name": "HPSBUX02608",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100123193",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100123193"
            },
            {
              "name": "RHSA-2010:0786",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
            },
            {
              "name": "43005",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43005"
            },
            {
              "name": "SUSE-SR:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "FEDORA-2010-16312",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
            },
            {
              "name": "ADV-2010-2745",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2745"
            },
            {
              "name": "FEDORA-2010-16294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3557",
    "datePublished": "2010-10-19T21:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

Vulnerability from csaf_redhat

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags