Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3552 JDK vulnerability

CWE-399 | 10 documents | 8 sources
Severity
10.0 CRITICAL (NVD)
EPSS
82.9%
top 0.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Oct 19
Latest update: May 17

Description

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

NVD: sun/jdk 1.6.0 +1
NVD: sun/jre 1.6.0 +1

Patches

🔴Vulnerability Details

2
GHSA
GHSA-3rv7-vfgw-fvwj: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect conf (2022-05-17)
CVEList
CVE-2010-3552: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect conf (2010-10-19)

💥Exploits & PoCs

2
Exploit-DB
Sun Java - Runtime New Plugin docbase Buffer Overflow (Metasploit) (2011-01-08)
Exploit-DB
Oracle Java 6 - OBJECT tag 'launchjnlp'/'docbase' Remote Buffer Overflow (2010-10-13)

🔍Detection Rules

1
Suricata
ET WEB_CLIENT Oracle Java 6 Object Tag launchjnlp docbase Parameters Buffer Overflow (2010-12-22)

📋Vendor Advisories

2
Red Hat
JDK unspecified vulnerability in New Java Plugin component (2010-10-12)
Cisco
MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability (2010-05-19)

💬Community

2
Bugzilla
CVE-2010-3552 JDK unspecified vulnerability in New Java Plugin component (2010-10-13)
Bugzilla
CVE-2009-3552 GUI: Man in the middle attack possible on the GUI to Backend SSL connection (2009-10-14)
CVE-2010-3552 — SUN JDK vulnerability | cvebase