CVE-2010-4452
Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
Vulnerabilidad no especificada en el componente Deployment en Java Runtime Environment (JRE) en Oracle Jave SE y Java for Business v6 Update v23 y anteriores permite a aplicaciones remotas Java Web Start no confiables y applets Java no confiables vulnerar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the findClass method of the sun.plugin2.applet.Applet2ClassLoader class. Due to a failure to properly validate URLs supplied by an implicitly trusted applet, it is possible to execute arbitrary code on Windows 32-bit and 64-bit, as well as Linux 32-bit platforms under the context of the SYSTEM user.
*Credits:
Frederic Hoguin
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-12-06 CVE Reserved
- 2011-02-15 CVE Published
- 2011-03-16 First Exploit
- 2024-07-15 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/44954 | Third Party Advisory | |
| http://securityreason.com/securityalert/8145 | Third Party Advisory | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | X_refsource_confirm |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12927 | Signature | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14230 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16990 | 2011-03-16 |
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html | 2017-12-22 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=134254866602253&w=2 | 2017-12-22 | |
| http://marc.info/?l=bugtraq&m=134254957702612&w=2 | 2017-12-22 | |
| http://www.redhat.com/support/errata/RHSA-2011-0282.html | 2017-12-22 | |
| http://www.redhat.com/support/errata/RHSA-2011-0880.html | 2017-12-22 | |
| https://access.redhat.com/security/cve/CVE-2010-4452 | 2011-06-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=677968 | 2011-06-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | <= 1.6.0 Search vendor "Sun" for product "Jre" and version " <= 1.6.0" | update_23 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_1 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_10 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_11 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_12 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_13 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_14 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_15 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_16 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_17 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_18 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_19 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_2 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_20 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_21 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_22 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_4 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_5 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_6 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.6.0 Search vendor "Sun" for product "Jre" and version "1.6.0" | update_7 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | <= 1.6.0 Search vendor "Sun" for product "Jdk" and version " <= 1.6.0" | update_23 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_10 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_11 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_12 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_13 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_14 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_15 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_16 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_17 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_18 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_19 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_20 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_21 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_22 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_4 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_5 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_6 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update_7 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update1 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update1_b06 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 1.6.0 Search vendor "Sun" for product "Jdk" and version "1.6.0" | update2 |
Affected
| ||||||