CVE-2010-0840
published 2010-04-01

CVE-2010-0840: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows…

Priority: P195 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability, due 2022-06-15
Exploited in the wild
EPSS: 96.17% (99.9th percentile)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

Affected

15 ranges
Vendor      Product                   Version range   Fixed in
canonical   ubuntu_linux
canonical   ubuntu_linux
canonical   ubuntu_linux
canonical   ubuntu_linux
opensuse    opensuse
opensuse    opensuse
opensuse    opensuse
oracle      jre
oracle      jre
oracle      jre
vmware      esxi
vmware      vmware_tools
vmware      vmware_vcenter_server
vmware      vmware_vsphere
vmware      vmware_workstation

Detection & IOCs (extracted from sources)

path: data/exploits/cve-2010-0840/vuln/Exploit.class
path: data/exploits/cve-2010-0840/vuln/Exploit$1.class
path: data/exploits/cve-2010-0840/vuln/Link.class
filename: Applet.jar
url: http://slightlyrandombrokenthoughts.blogspot.com/2010/04/java-trusted-method-chaining-cve-2010.html
  • Detect HTTP responses serving a JAR file with path ending in '.jar' that contains the class files vuln/Exploit.class, vuln/Exploit$1.class, and vuln/Link.class — characteristic of the CVE-2010-0840 Metasploit exploit module.
  • Detect HTML pages delivering a Java applet with archive=Applet.jar and the lure text 'Loading, Please Wait...' — consistent with the exploit's generated HTML page.
  • Monitor for Java applet privilege escalation via Statement.invoke() trusted method chaining — an untrusted object extending a trusted class to execute code in a privileged context.
  • Flag deferred calls to trusted applet methods from untrusted applet or application contexts — the exploit mechanism involves incorrect permissions granted to deferred trusted applet method calls.
  • The exploit targets Java 6 prior to Update 19 and Java 5 prior to Update 23; instances running these versions in browser-facing or internet-exposed contexts are at highest risk.
  • The Metasploit module supports Java, Windows x86, and Linux x86 payloads with up to 20480 bytes of payload space, meaning defenders should expect cross-platform exploitation attempts.

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck                 9.8     CRITICAL
cisa                      9.8     CRITICAL
vendor_redhat             9.8     CRITICAL
vendor_ubuntu             5.8     MEDIUM