// For flags

CVE-2010-3564

OpenJDK kerberos vulnerability (6958060)

Severity Score

6.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM. NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.

Una vulnerabilidad no especificada en el componente Oracle Communications Messaging Server (Sun Java System Messaging Server) en Sun Products Suite de Oracle versión 7.0, permite a los atacantes remotos afectar a la confidencialidad e integridad por medio de vectores desconocidos relacionados con Webmail. NOTA: la información anterior fue obtenida de la CPU en octubre de 2010. Oracle no ha comentado las afirmaciones de un proveedor aguas abajo confiable de que la implementación de Kerberos no comprueba apropiadamente las peticiones AP-REQ, lo que permite a los atacantes causar una denegación de servicio en la JVM. NOTA: CVE no ha investigado la aparente discrepancia entre los dos proveedores con respecto a las consecuencias de este problema.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-09-20 CVE Reserved
  • 2010-10-14 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (20)
URL Tag Source
http://support.avaya.com/css/P8/documents/100114327 X_refsource_confirm
http://support.avaya.com/css/P8/documents/100123193 X_refsource_confirm
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html X_refsource_confirm
http://www.securityfocus.com/bid/43963 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA10-287A.html Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12398 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 2017-09-19
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html 2017-09-19
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html 2017-09-19
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html 2017-09-19
http://secunia.com/advisories/41972 2017-09-19
http://secunia.com/advisories/42377 2017-09-19
http://security.gentoo.org/glsa/glsa-201406-32.xml 2017-09-19
http://www.redhat.com/support/errata/RHSA-2010-0768.html 2017-09-19
http://www.redhat.com/support/errata/RHSA-2010-0865.html 2017-09-19
http://www.ubuntu.com/usn/USN-1010-1 2017-09-19
http://www.vupen.com/english/advisories/2010/3086 2017-09-19
https://access.redhat.com/security/cve/CVE-2010-3564 2010-11-10
https://bugzilla.redhat.com/show_bug.cgi?id=639914 2010-11-10
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
 Sun Products Suite
Search vendor "Oracle" for product "Sun Products Suite"
 7.0
Search vendor "Oracle" for product "Sun Products Suite" and version "7.0"
-
Affected