Vulnerabilidad en el componente Java Runtime Environment en Oracle Java SE y Java for Business (CVE-2010-0840)
Gravedad CVSS v3.1:
CRÍTICA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
01/04/2010
Última modificación:
11/04/2025
Descripción
Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23 y 1.4.2_25 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. NOTA: la información previa fue obtenida de la CPU Marzo 2010. Oracle no ha comentado sobre alegaciones de un investigador confiable de que esto está relacionado con los controles inadecuados en la ejecución de los métodos privilegiados en Java Runtime Environment (JRE), lo que permite a atacantes ejecutar código arbitrario a través de (1) un objeto no confiable que amplía la clase de confianza, pero no ha modificado un determinado método o (2) "una problema de confianza similar con las interfaces", también conocido como "Trusted Methods Chaining Remote Code Execution Vulnerability".
Impacto
Puntuación base 3.x
9.80
Gravedad 3.x
CRÍTICA
Puntuación base 2.0
7.50
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:oracle:jre:1.4.2_25:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:jre:1.5.0:update23:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
- http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://marc.info/?l=bugtraq&m=127557596201693&w=2
- http://marc.info/?l=bugtraq&m=127557596201693&w=2
- http://marc.info/?l=bugtraq&m=127557596201693&w=2
- http://marc.info/?l=bugtraq&m=127557596201693&w=2
- http://marc.info/?l=bugtraq&m=134254866602253&w=2
- http://secunia.com/advisories/39292
- http://secunia.com/advisories/39317
- http://secunia.com/advisories/39659
- http://secunia.com/advisories/39819
- http://secunia.com/advisories/40211
- http://secunia.com/advisories/40545
- http://secunia.com/advisories/43308
- http://support.apple.com/kb/HT4170
- http://support.apple.com/kb/HT4171
- http://ubuntu.com/usn/usn-923-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2010%3A084
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
- http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
- http://www.redhat.com/support/errata/RHSA-2010-0337.html
- http://www.redhat.com/support/errata/RHSA-2010-0338.html
- http://www.redhat.com/support/errata/RHSA-2010-0339.html
- http://www.redhat.com/support/errata/RHSA-2010-0383.html
- http://www.redhat.com/support/errata/RHSA-2010-0471.html
- http://www.redhat.com/support/errata/RHSA-2010-0489.html
- http://www.securityfocus.com/archive/1/510528/100/0/threaded
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
- http://www.securityfocus.com/bid/39065
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
- http://www.vupen.com/english/advisories/2010/1107
- http://www.vupen.com/english/advisories/2010/1191
- http://www.vupen.com/english/advisories/2010/1454
- http://www.vupen.com/english/advisories/2010/1523
- http://www.vupen.com/english/advisories/2010/1793
- http://www.zerodayinitiative.com/advisories/ZDI-10-056
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13971
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9974
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
- http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://marc.info/?l=bugtraq&m=127557596201693&w=2
- http://marc.info/?l=bugtraq&m=127557596201693&w=2
- http://marc.info/?l=bugtraq&m=127557596201693&w=2
- http://marc.info/?l=bugtraq&m=127557596201693&w=2
- http://marc.info/?l=bugtraq&m=134254866602253&w=2
- http://secunia.com/advisories/39292
- http://secunia.com/advisories/39317
- http://secunia.com/advisories/39659
- http://secunia.com/advisories/39819
- http://secunia.com/advisories/40211
- http://secunia.com/advisories/40545
- http://secunia.com/advisories/43308
- http://support.apple.com/kb/HT4170
- http://support.apple.com/kb/HT4171
- http://ubuntu.com/usn/usn-923-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2010%3A084
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
- http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
- http://www.redhat.com/support/errata/RHSA-2010-0337.html
- http://www.redhat.com/support/errata/RHSA-2010-0338.html
- http://www.redhat.com/support/errata/RHSA-2010-0339.html
- http://www.redhat.com/support/errata/RHSA-2010-0383.html
- http://www.redhat.com/support/errata/RHSA-2010-0471.html
- http://www.redhat.com/support/errata/RHSA-2010-0489.html
- http://www.securityfocus.com/archive/1/510528/100/0/threaded
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
- http://www.securityfocus.com/bid/39065
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
- http://www.vupen.com/english/advisories/2010/1107
- http://www.vupen.com/english/advisories/2010/1191
- http://www.vupen.com/english/advisories/2010/1454
- http://www.vupen.com/english/advisories/2010/1523
- http://www.vupen.com/english/advisories/2010/1793
- http://www.zerodayinitiative.com/advisories/ZDI-10-056
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13971
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9974