Lucene search

[email protected]CVE-2010-4472

HistoryFeb 17, 2011 - 7:00 p.m.

CVE-2010-4472

2011-02-1719:00:01

[email protected]

web.nvd.nist.gov

cve-2010-4472

oracle

java

jre

vulnerability

availability

remote attackers

xml digital signature

apis

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

8.6 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.5%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the “XML DSig Transform or C14N algorithm implementations.”

Affected configurations

NVD

Node

sunjreRange≤1.6.0update_23

sunjreMatch1.6.0

sunjreMatch1.6.0update_1

sunjreMatch1.6.0update_10

sunjreMatch1.6.0update_11

sunjreMatch1.6.0update_12

sunjreMatch1.6.0update_13

sunjreMatch1.6.0update_14

sunjreMatch1.6.0update_15

sunjreMatch1.6.0update_16

sunjreMatch1.6.0update_17

sunjreMatch1.6.0update_18

sunjreMatch1.6.0update_19

sunjreMatch1.6.0update_2

sunjreMatch1.6.0update_20

sunjreMatch1.6.0update_21

sunjreMatch1.6.0update_22

sunjreMatch1.6.0update_3

sunjreMatch1.6.0update_4

sunjreMatch1.6.0update_5

sunjreMatch1.6.0update_6

sunjreMatch1.6.0update_7

Node

sunjdkRange≤1.6.0update_23

sunjdkMatch1.6.0

sunjdkMatch1.6.0update_10

sunjdkMatch1.6.0update_11

sunjdkMatch1.6.0update_12

sunjdkMatch1.6.0update_13

sunjdkMatch1.6.0update_14

sunjdkMatch1.6.0update_15

sunjdkMatch1.6.0update_16

sunjdkMatch1.6.0update_17

sunjdkMatch1.6.0update_18

sunjdkMatch1.6.0update_19

sunjdkMatch1.6.0update_20

sunjdkMatch1.6.0update_21

sunjdkMatch1.6.0update_22

sunjdkMatch1.6.0update_3

sunjdkMatch1.6.0update_4

sunjdkMatch1.6.0update_5

sunjdkMatch1.6.0update_6

sunjdkMatch1.6.0update_7

sunjdkMatch1.6.0update1

sunjdkMatch1.6.0update1_b06

sunjdkMatch1.6.0update2

CPENameOperatorVersion
sun:jresun jrele1.6.0

CPE	Name	Operator	Version
sun:jre	sun jre	le	1.6.0

References

lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html

lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html

marc.info/?l=bugtraq&m=134254866602253&w=2

marc.info/?l=bugtraq&m=134254957702612&w=2

secunia.com/advisories/43350

security.gentoo.org/glsa/glsa-201406-32.xml

www.debian.org/security/2011/dsa-2224

www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html

www.mandriva.com/security/advisories?name=MDVSA-2011:054

www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

www.redhat.com/support/errata/RHSA-2011-0281.html

www.redhat.com/support/errata/RHSA-2011-0282.html

www.securityfocus.com/bid/46404

exchange.xforce.ibmcloud.com/vulnerabilities/65411

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12903

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14118

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

8.6 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.5%

JSON

Related for CVE-2010-4472

cvelist1 veracode1 nvd1 prion1 ubuntucve1 openvas42 nessus28 redhat2 centos1 oraclelinux1 ubuntu3 debian1 osv1 fedora6 suse1 securityvulns1 vmware2 oracle1 gentoo2