Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-3573

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.

Related bugs and status

CVE-2010-3573 (Candidate) is related to these bugs:

Bug #659937: Security Update for Sun Java JRE 6: Update 22

Summary				In	Importance	Status
	659937	Security Update for Sun Java JRE 6: Update 22		sun-java6 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.oracle.com/...
CONFIRM: http://support.avaya.c...
CONFIRM: http://support.avaya.c...
CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2010:0770
FEDORA: FEDORA-2010-16240
FEDORA: FEDORA-2010-16294
FEDORA: FEDORA-2010-16312
REDHAT: RHSA-2010:0807
UBUNTU: USN-1010-1
SECUNIA: 41967
SECUNIA: 41972
REDHAT: RHSA-2010:0768
REDHAT: RHSA-2010:0865
REDHAT: RHSA-2010:0873
CONFIRM: http://support.avaya.c...
CONFIRM: http://www.oracle.com/...
REDHAT: RHSA-2010:0987
SUSE: SUSE-SR:2010:019
SECUNIA: 42974
CONFIRM: http://www.vmware.com/...
REDHAT: RHSA-2011:0880
SECUNIA: 44954
GENTOO: GLSA-201406-32
HP: HPSBUX02608
HP: SSRT100333
HP: HPSBMU02799
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20110211 VMSA-2011-000...