1. CVE-Search
  2. CVE-2010-0886
ID CVE-2010-0886
Summary Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html 'Notes: 1. Affects the Windows platform only. CVSS 10.0 score assumes running with Administrator privileges. Otherwise, CVSS score of 7.5 with Confidentiality, Integrity and Availability impacts of Partial+, Partial+ and Partial+.'
References
Vulnerable Configurations
  • cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update17:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update17:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update18:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update19:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update19:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update17:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update17:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update18:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update19:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update19:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 10-10-2018 - 19:55)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-08-18T04:00:55.405-04:00
class vulnerability
contributors
  • name Scott Quint
    organization DTCC
  • name Dragos Prisaca
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Java SE Runtime Environment 6 is installed
    oval oval:org.mitre.oval:def:16362
  • comment Java SE Development Kit 6 is installed
    oval oval:org.mitre.oval:def:15831
description Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
family windows
id oval:org.mitre.oval:def:14216
status accepted
submitted 2011-11-25T18:04:00.000-05:00
title Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
version 8
redhat via4
rpms
  • java-1.6.0-sun-1:1.6.0.20-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.20-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.20-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.20-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.20-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.20-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.20-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.20-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.20-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.20-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.20-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.20-1jpp.1.el5
refmap via4
apple
  • APPLE-SA-2010-05-18-1
  • APPLE-SA-2010-05-18-2
bugtraq 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
confirm
hp HPSBMU02799
secunia 39819
sunalert
  • 1022294
  • 279590
vupen ADV-2010-1191
saint via4
bid 39492
description Sun Java Web Start command-line argument injection
osvdb 63798
title java_web_start_argument_injection
type client
Last major update 10-10-2018 - 19:55
Published 20-04-2010 - 19:30
Last modified 10-10-2018 - 19:55
Back to Top