CVE-2010-0840
Published 2010-04-01
Priority P195 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability, due 2022-06-15
Exploited in the wild
EPSS: 96.17% (99.9th percentile)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| vmware | esxi | — | — |
| vmware | vmware_tools | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vmware_workstation | — | — |
Detection & IOCs
URL: http://slightlyrandombrokenthoughts.blogspot.com/2010/04/java-trusted-method-chaining-cve-2010.html
- Detect HTTP responses serving a JAR file with a path ending in '.jar' that contains the class files vuln/Exploit.class, vuln/Exploit$1.class, and vuln/Link.class, which are characteristic of the CVE-2010-0840 Metasploit exploit module.
- Detect HTML pages delivering a Java applet with archive=Applet.jar and the lure text 'Loading, Please Wait...', consistent with the exploit's generated HTML page.
- Monitor for Java applet privilege escalation via Statement.invoke() trusted method chaining: an untrusted object extending a trusted class to execute code in a privileged context.
- Flag deferred calls to trusted applet methods from untrusted applet or application contexts. The exploit mechanism involves incorrect permissions granted to deferred trusted applet method calls.
- The exploit targets Java 6 prior to Update 19 and Java 5 prior to Update 23; instances running these versions in browser-facing or internet-exposed contexts are at highest risk.
- The Metasploit module supports Java, Windows x86, and Linux x86 payloads with up to 20480 bytes of payload space, meaning defenders should expect cross-platform exploitation attempts.
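CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 5.8 | MEDIUM | — |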
CISA
Oracle JRE Unspecified Vulnerability
cisa·2022-05-25·CVSS 9.8
CVE-2010-0840 [CRITICAL] Oracle JRE Unspecified Vulnerability
Vulnerability: Oracle JRE Unspecified Vulnerability
Affected: Oracle Java Runtime Environment (JRE)
Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-0840
Remediation Due Date: 2022-06-15
VMware
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
vendor_vmware·2011-02-10·CVSS 5.0
CVE-2008-0085 [MEDIUM] Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
VMSA-2011-0003: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
CVEs: CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107, CVE-2008-3825, CVE-2008-5416, CVE-2009-1384, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
Ubuntu
OpenJDK vulnerabilities
vendor_ubuntu·2010-04-07·CVSS 5.8
CVE-2009-3555 [MEDIUM] OpenJDK vulnerabilities
Title: OpenJDK vulnerabilities
Summary: OpenJDK vulnerabilities
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a machine-in-the-middle attack at the
start of a TLS connection, the attacker could inject arbitrary content
at the beginning of the user's session. (CVE-2009-3555)
It was discovered that Loader-constraint table, Policy/PolicyFile,
Inflater/Deflater, drag/drop access, and deserialization did not correctly
handle certain sensitive objects. If a user were tricked into running a
specially crafted applet, private information could be leaked to a remote
attacker, leading to a loss of privacy. (CVE-2010-0082, CVE-2010-0084,
CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094)
It was discovered that AtomicReferenceAr
Red Hat
OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
vendor_redhat·2010-03-30·CVSS 9.8
CVE-2010-0840 [CRITICAL] OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
GHSA
GHSA-8rrv-3xx7-wmfc: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5
ghsa_unreviewed·2022-05-02
CVE-2010-0840 [HIGH] GHSA-8rrv-3xx7-wmfc: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5
VulnCheck
Oracle JRE Unspecified Vulnerability
vulncheck·2010·CVSS 9.8
CVE-2010-0840 [CRITICAL] Oracle JRE Unspecified Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors.
Affected: Oracle Java Runtime Environment (JRE)
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.hkcert.org/blog/large-scale-injection-incidents-targeting-oscommerce-websites; https://cybersecurityworks.com/pdf/ransomware/Spotlight_Ransomware2021.pdf; https://dl.acm.org/doi/pdf/10.1145/3465481.3465758; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-15
Suricata
GPL POP3 APOP overflow attempt
suricata·2010-09-23
CVE-2000-0840 GPL POP3 APOP overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"GPL POP3 APOP overflow attempt"; flow:established,to_server; content:"APOP"; nocase; isdataat:256,relative; pcre:"/^APOP\s[^\n]{256}/smi"; reference:bugtraq,1652; reference:cve,2000-0840; reference:cve,2000-0841; reference:nessus,10559; classtype:attempted-admin; sid:2101635; rev:15; metadata:created_at 2010_09_23, cve CVE_2000_0840, confidence Medium, signature_severity Major, updated_at 2024_03_08;)
Exploit-DB
Java - 'Statement.invoke()' Trusted Method Chain (Metasploit)
exploitdb·2010-12-15
CVE-2010-0840 Java - 'Statement.invoke()' Trusted Method Chain (Metasploit)
---
##
# $Id: java_trusted_chain.rb 11345 2010-12-15 22:46:22Z egypt $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex'
class Metasploit3 false })
def initialize( info = {} )
super( update_info( info,
'Name' => 'Java Statement.invoke() Trusted Method Chain Exploit',
'Description' => %q{
This module exploits a vulnerability in Java Runtime Environment
that allows an untrusted method to run in a privileged context. The
vulnerability affects version 6 prior to update 19 and version 5
pr
Metasploit
Java Statement.invoke() Trusted Method Chain Privilege Escalation
metasploit
This module exploits a vulnerability in Java Runtime Environment that allows an untrusted method to run in a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.
Bugzilla
CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
bugzilla·2010-03-22·CVSS 9.8
CVE-2010-0840 [CRITICAL] CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
Deferred calls to trusted applet methods could be granted incorrect permissions, allowing an untrusted applet or application to extend its privileges.
Discussion:
This is now public:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0339 https://rhn.redhat.com/errata/RHSA-2010-0339.html
---
This issue has been addressed in following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2010:0337 https://rhn.redhat.com/errata/RHSA-2010-0337.html
---
This issue has been addressed in following products:
Extras for RHEL 4
Ex
Securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
blogs_securelist·2017-11-16
Authors
- Kaspersky
## Background
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others that followed it:
1. Was our software used outside of its intended functionality to pull classified information from a person’s c
2010-04-01: Published
2022-05-25: Added to CISA KEV
Exploited in the wild