CVE-2010-0840

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
References
Link Resource
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 Broken Link
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=127557596201693&w=2 Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2 Mailing List
http://secunia.com/advisories/39292 Broken Link Vendor Advisory
http://secunia.com/advisories/39317 Broken Link Vendor Advisory
http://secunia.com/advisories/39659 Broken Link Vendor Advisory
http://secunia.com/advisories/39819 Broken Link Vendor Advisory
http://secunia.com/advisories/40211 Broken Link Vendor Advisory
http://secunia.com/advisories/40545 Broken Link Vendor Advisory
http://secunia.com/advisories/43308 Broken Link Vendor Advisory
http://support.apple.com/kb/HT4170 Release Notes Third Party Advisory
http://support.apple.com/kb/HT4171 Release Notes Third Party Advisory
http://ubuntu.com/usn/usn-923-1 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 Broken Link
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0337.html Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0338.html Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0339.html Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0383.html Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0471.html Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0489.html Broken Link
http://www.securityfocus.com/archive/1/510528/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/516397/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/39065 Broken Link Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2011-0003.html Third Party Advisory
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html Release Notes
http://www.vupen.com/english/advisories/2010/1107 Broken Link
http://www.vupen.com/english/advisories/2010/1191 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1454 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1523 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1793 Broken Link Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-056 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13971 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9974 Broken Link
Configurations

Configuration 1

OR
cpe:2.3:a:oracle:jre:1.4.2_25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:*

Configuration 2

OR
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*

Configuration 3

OR
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-04-01 16:30

Updated : 2024-06-28 17:36


NVD link : CVE-2010-0840

Mitre link : CVE-2010-0840

CVE.ORG link : CVE-2010-0840



Products Affected

opensuse

  • opensuse

oracle

  • jre

canonical

  • ubuntu_linux