ID CVE-2010-4451
Summary Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
References
Vulnerable Configurations
  • Sun JRE 1.6.0
    cpe:2.3:a:sun:jre:1.6.0
  • Sun JRE 1.6.0 Update 1
    cpe:2.3:a:sun:jre:1.6.0:update_1
  • Sun JRE 1.6.0 Update 10
    cpe:2.3:a:sun:jre:1.6.0:update_10
  • Sun JRE 1.6.0 Update 11
    cpe:2.3:a:sun:jre:1.6.0:update_11
  • Sun JRE 1.6.0 Update 12
    cpe:2.3:a:sun:jre:1.6.0:update_12
  • Sun JRE 1.6.0 Update 13
    cpe:2.3:a:sun:jre:1.6.0:update_13
  • Sun JRE 1.6.0 Update 14
    cpe:2.3:a:sun:jre:1.6.0:update_14
  • Sun JRE 1.6.0 Update 15
    cpe:2.3:a:sun:jre:1.6.0:update_15
  • Sun JRE 1.6.0 Update 16
    cpe:2.3:a:sun:jre:1.6.0:update_16
  • Sun JRE 1.6.0 Update 17
    cpe:2.3:a:sun:jre:1.6.0:update_17
  • Sun JRE 1.6.0 Update 18
    cpe:2.3:a:sun:jre:1.6.0:update_18
  • Sun JRE 1.6.0 Update 19
    cpe:2.3:a:sun:jre:1.6.0:update_19
  • Sun JRE 1.6.0 Update 2
    cpe:2.3:a:sun:jre:1.6.0:update_2
  • Sun JRE 1.6.0 Update 20
    cpe:2.3:a:sun:jre:1.6.0:update_20
  • Sun JRE 1.6.0 Update 21
    cpe:2.3:a:sun:jre:1.6.0:update_21
  • cpe:2.3:a:sun:jre:1.6.0:update_22
    cpe:2.3:a:sun:jre:1.6.0:update_22
  • cpe:2.3:a:sun:jre:1.6.0:update_23
    cpe:2.3:a:sun:jre:1.6.0:update_23
  • Sun JRE 1.6.0 Update 3
    cpe:2.3:a:sun:jre:1.6.0:update_3
  • Sun JRE 1.6.0 Update 4
    cpe:2.3:a:sun:jre:1.6.0:update_4
  • Sun JRE 1.6.0 Update 5
    cpe:2.3:a:sun:jre:1.6.0:update_5
  • Sun JRE 1.6.0 Update 6
    cpe:2.3:a:sun:jre:1.6.0:update_6
  • Sun JRE 1.6.0 Update 7
    cpe:2.3:a:sun:jre:1.6.0:update_7
  • Sun JDK 1.6.0
    cpe:2.3:a:sun:jdk:1.6.0
  • Sun JDK 6 Update 1
    cpe:2.3:a:sun:jdk:1.6.0:update1
  • Sun JDK 1.6.0_01-b06
    cpe:2.3:a:sun:jdk:1.6.0:update1_b06
  • Sun JDK 6 Update 2
    cpe:2.3:a:sun:jdk:1.6.0:update2
  • Sun JDK 1.6.0 Update 10
    cpe:2.3:a:sun:jdk:1.6.0:update_10
  • Sun JDK 1.6.0 Update 11
    cpe:2.3:a:sun:jdk:1.6.0:update_11
  • Sun JDK 1.6.0 Update 12
    cpe:2.3:a:sun:jdk:1.6.0:update_12
  • Sun JDK 1.6.0 Update 13
    cpe:2.3:a:sun:jdk:1.6.0:update_13
  • Sun JDK 1.6.0 Update 14
    cpe:2.3:a:sun:jdk:1.6.0:update_14
  • Sun JDK 1.6.0 Update 15
    cpe:2.3:a:sun:jdk:1.6.0:update_15
  • Sun JDK 1.6.0 Update 16
    cpe:2.3:a:sun:jdk:1.6.0:update_16
  • Sun JDK 1.6.0 Update 17
    cpe:2.3:a:sun:jdk:1.6.0:update_17
  • Sun JDK 1.6.0 Update 18
    cpe:2.3:a:sun:jdk:1.6.0:update_18
  • Sun JDK 1.6.0 Update 19
    cpe:2.3:a:sun:jdk:1.6.0:update_19
  • Sun JDK 1.6.0 Update 20
    cpe:2.3:a:sun:jdk:1.6.0:update_20
  • Sun JDK 1.6.0 Update 21
    cpe:2.3:a:sun:jdk:1.6.0:update_21
  • cpe:2.3:a:sun:jdk:1.6.0:update_22
    cpe:2.3:a:sun:jdk:1.6.0:update_22
  • cpe:2.3:a:sun:jdk:1.6.0:update_23
    cpe:2.3:a:sun:jdk:1.6.0:update_23
  • Sun JDK 1.6.0 Update 3
    cpe:2.3:a:sun:jdk:1.6.0:update_3
  • Sun JDK 1.6.0 Update 4
    cpe:2.3:a:sun:jdk:1.6.0:update_4
  • Sun JDK 1.6.0 Update 5
    cpe:2.3:a:sun:jdk:1.6.0:update_5
  • Sun JDK 1.6.0 Update 6
    cpe:2.3:a:sun:jdk:1.6.0:update_6
  • Sun JDK 1.6.0 Update 7
    cpe:2.3:a:sun:jdk:1.6.0:update_7
CVSS
Base: 7.6 (as of 18-02-2011 - 12:40)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_JAVA-1_6_0-SUN-110314.NASL
    description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75872
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75872
    title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-4147)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-SUN-110217.NASL
    description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. The following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474
    last seen 2019-02-21
    modified 2013-11-18
    plugin id 52067
    published 2011-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52067
    title SuSE 11.1 Security Update : Sun Java 1.6 (SAT Patch Number 3976)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0282.NASL
    description Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page, listed in the References section. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 52021
    published 2011-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52021
    title RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0282)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0013.NASL
    description a. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 56665
    published 2011-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56665
    title VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110217_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    description This update fixes several vulnerabilities in the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476) All running instances of Sun Java must be restarted for the update to take effect. NOTE: jdk-1.6.0_20-fcs.x86_64.rpm has not been signed. We cannot sign this package without breaking it.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60964
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60964
    title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_JAVA-1_6_0-SUN-110217.NASL
    description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53736
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53736
    title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201111-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56724
    published 2011-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56724
    title GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_FEB_2011.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issue in the following components : - Deployment - HotSpot - Install - JAXP - Java Language - JDBC - Launcher - Networking - Security - Sound - Swing - XML Digital Signature - 2D
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 52002
    published 2011-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52002
    title Oracle Java SE Multiple Vulnerabilities (February 2011 CPU)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_JAVA-1_6_0-SUN-110217.NASL
    description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75541
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75541
    title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_FEB_2011_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issues in the following components : - Deployment - HotSpot - Install - JAXP - Java Language - JDBC - Launcher - Networking - Security - Sound - Swing - XML Digital Signature - 2D
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64844
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64844
    title Oracle Java SE Multiple Vulnerabilities (February 2011 CPU) (Unix)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89681
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89681
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_6_0-SUN-7342.NASL
    description Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun. Following CVEs were addressed : CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474
    last seen 2019-02-21
    modified 2013-11-18
    plugin id 52068
    published 2011-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52068
    title SuSE 10 Security Update : IBM Java 1.6 (ZYPP Patch Number 7342)
oval via4
accepted 2014-08-18T04:00:48.505-04:00
class vulnerability
contributors
  • name Scott Quint
    organization DTCC
  • name Dragos Prisaca
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Java SE Development Kit 6 is installed
    oval oval:org.mitre.oval:def:15831
  • comment Java SE Runtime Environment 6 is installed
    oval oval:org.mitre.oval:def:16362
description Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
family windows
id oval:org.mitre.oval:def:13942
status accepted
submitted 2011-11-25T18:04:12.000-05:00
title Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
version 8
redhat via4
advisories
rhsa
id RHSA-2011:0282
refmap via4
bid 46405
confirm http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html
hp
  • HPSBMU02797
  • HPSBMU02799
  • SSRT100867
xf oracle-runtime-http-code-execution(65402)
Last major update 22-08-2016 - 22:02
Published 17-02-2011 - 14:00
Last modified 21-12-2017 - 21:29
Back to Top