Severity: : High
  CVE Kennungen: : CVE-2010-0094
  Advisory Date: 21 lipca 2015

  DESCRIPTION

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. nvd: Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html 'Affected product releases and versions: • Java SE: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux • JDK 5.0 Update 23 and earlier for Solaris • SDK 1.4.2_25 and earlier for Solaris • Java for Business: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux • JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux • SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'

  INFORMATION EXPOSURE

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1004870
  Trend Micro Deep Security DPI Rule Name: 1004870 - Identified Suspicious Jar File

  AFFECTED SOFTWARE AND VERSION:

  • sun jdk 1.5.0
  • sun jdk 1.6.0
  • sun jre 1.5.0
  • sun jre 1.6.0
  • Java SE JDK and JRE 6 Update 18 and earlier for Windows
  • Solaris
  • and Linux
  • Java for Business JDK and JRE 6 Update 18 and earlier for Windows
  • Solaris and Linux
  • Java for Business SDK and JRE 1.4.2_25 and earlier for Windows
  • Solaris and Linux
  • Java SE JDK 5.0 Update 23 and earlier for Solaris
  • Java SE SDK 1.4.2_25 and earlier for Solaris
  • Java for Business JDK and JRE 5.0 Update 23 and earlier for Windows
  • Solaris and Linux