CVE-2010-4472: JDK vulnerability

8 documents, 6 sources
Severity
2.6 LOW (NVD)
EPSS
6.9%
top 8.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 17
Latest update: May 17

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."

CVSS vector

AV:N/AC:H/C:N/I:N/A:P
Exploitability: 4.9 | Impact: 2.9

Affected Packages (2 packages)

NVD: sun/jdk 1.6.0 +1
NVD: sun/jre 1.6.0 +1

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-2qxc-rxrw-rpvh: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attacker (2022-05-17)
CVEList: CVE-2010-4472: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attacker (2011-02-17)

📋 Vendor Advisories (4)

Ubuntu: OpenJDK 6 vulnerabilities (2011-03-17)
Ubuntu: OpenJDK 6 vulnerabilities (2011-03-15)
Ubuntu: OpenJDK 6 vulnerabilities (2011-03-01)
Red Hat: OpenJDK untrusted code allowed to replace DSIG/C14N implementation (6994263) (2011-02-15)

💬 Community (1)

Bugzilla: CVE-2010-4472 OpenJDK untrusted code allowed to replace DSIG/C14N implementation (6994263) (2011-02-08)