Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2010-0094

Disclosure Date: April 01, 2010
CVE-2010-0094
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
exploit/multi/browser/java_rmi_connection_impl
Reporter
Unknown

Vendors

  • sun

Products

  • jdk,
  • jdk 1.5.0,
  • jdk 1.6.0,
  • jre,
  • jre 1.5.0,
  • jre 1.6.0

References

Canonical
CVE-2010-0094 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094)
Advisory
APPLE-SA-2010-05-18-1 (http://lists.apple.com/archives/security-announce/2010//May/msg00001.html)
HPSBMU02799 (http://marc.info?l=bugtraq&m=134254866602253&w=2)
SECUNIA-39317 (http://secunia.com/advisories/39317)
http://www.redhat.com/support/errata/RHSA-2010-0383.html
SECUNIA-40545 (http://secunia.com/advisories/40545)
ADV-2010-1454 (http://www.vupen.com/english/advisories/2010/1454)
SECUNIA-39819 (http://secunia.com/advisories/39819)
ADV-2010-1107 (http://www.vupen.com/english/advisories/2010/1107)
http://www.redhat.com/support/errata/RHSA-2010-0338.html
ADV-2010-1793 (http://www.vupen.com/english/advisories/2010/1793)
APPLE-SA-2010-05-18-2 (http://lists.apple.com/archives/security-announce/2010//May/msg00002.html)
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
SECUNIA-43308 (http://secunia.com/advisories/43308)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
SSRT100179 (http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751)
SSRT100089 (http://marc.info?l=bugtraq&m=127557596201693&w=2)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
http://www.redhat.com/support/errata/RHSA-2010-0339.html
SECUNIA-39292 (http://secunia.com/advisories/39292)
http://support.apple.com/kb/HT4170
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
SECUNIA-39659 (http://secunia.com/advisories/39659)
http://www.redhat.com/support/errata/RHSA-2010-0471.html
USN-923-1 (http://ubuntu.com/usn/usn-923-1)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.redhat.com/support/errata/RHSA-2010-0337.html
20100405 ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability (http://www.securityfocus.com/archive/1/510527/100/0/threaded)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14351
http://support.apple.com/kb/HT4171
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (http://www.securityfocus.com/archive/1/516397/100/0/threaded)
ADV-2010-1191 (http://www.vupen.com/english/advisories/2010/1191)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10851
Miscellaneous
http://www.zerodayinitiative.com/advisories/ZDI-10-051

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis