CVE-2010-4470: JDK vulnerability

8 documents, 6 sources
Severity
5.0 MEDIUM (NVD)
EPSS
8.1%
top 7.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 17
Latest update: May 17

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD: sun/jdk 1.6.0 +1
NVD: sun/jre 1.6.0 +1

Patches

🔴Vulnerability Details

2
GHSA (2022-05-17): GHSA-rgfv-57h2-99r6: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote at
CVEList (2011-02-17): CVE-2010-4470: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote at

📋Vendor Advisories

4
Ubuntu: OpenJDK 6 vulnerabilities (2011-03-17)
Ubuntu: OpenJDK 6 vulnerabilities (2011-03-15)
Ubuntu: OpenJDK 6 vulnerabilities (2011-03-01)
Red Hat: OpenJDK JAXP untrusted component state manipulation (6927050) (2011-02-15)

💬Community

1
Bugzilla: CVE-2010-4470 OpenJDK JAXP untrusted component state manipulation (6927050) (2011-02-08)