CVE-2010-0085Time-of-check Time-of-use (TOCTOU) Race Condition in JDK

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition7 documents6 sources
Severity
5.1MEDIUMNVD
EPSS
3.6%
top 12.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SUN JDKSUN JRESUN SDK
Timeline
PublishedApr 1
Latest updateMay 2

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

NVDsun/jdk1.6.0+38
NVDsun/jre1.6.0+57
NVDsun/sdk1.4.2_25+60

🔴Vulnerability Details

2
GHSA
GHSA-p23w-f9f7-7w5r: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 52022-05-02
CVEList
CVE-2010-0085: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 52010-04-01

📋Vendor Advisories

3
Ubuntu
OpenJDK vulnerabilities2010-04-07
Red Hat
OpenJDK File TOCTOU deserialization vulnerability (6736390)2010-03-30
Red Hat
OpenJDK Inflater/Deflater clone issues (6745393)2010-03-30

💬Community

1
Bugzilla
CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390)2010-03-22
CVE-2010-0085 — SUN JDK vulnerability | cvebase