CVE-2010-4452

Related Files

HP Security Bulletin HPSBMU02797 SSRT100867

Posted Jul 17, 2012

Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02797 SSRT100867 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) running JDK for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, info disclosure

systems | linux, windows, solaris, hpux

advisories | CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475, CVE-2010-4476, CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862

SHA-256 | 4338efff43deea01d68a1d0c996a4d7dbb4faa1342e817584e487f06b359d673

Download | Favorite | View

Red Hat Security Advisory 2011-0880-01

Posted Jun 17, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0880-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. Various other issues were also addressed.

tags | advisory, java, vulnerability

systems | linux, redhat

advisories | CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454

SHA-256 | 23e57d99b78195d5d080dfd7d6831e809d977086b9839464c667dc791c8b7697

Download | Favorite | View

Sun Java Applet2ClassLoader Remote Code Execution Exploit

Posted Mar 16, 2011

Authored by jduck, Frederic Hoguin | Site metasploit.com

This Metasploit module exploits a vulnerability in Java Runtime Environment that allows an attacker to escape the Java Sandbox. By supplying a codebase that points at a trusted directory and a code that is a URL that does not contain an dots an applet can run without the sandbox. The vulnerability affects version 6 prior to update 24.

tags | exploit, java

advisories | CVE-2010-4452

SHA-256 | 7b085d16fc224d04acc72867a334f80b6d2236665c25fefb9802bb1c7783d2ac

Download | Favorite | View

Zero Day Initiative Advisory 11-084

Posted Feb 15, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the findClass method of the sun.plugin2.applet.Applet2ClassLoader class. Due to a failure to properly validate URLs supplied by an implicitly trusted applet, it is possible to execute arbitrary code on Windows 32-bit and 64-bit, as well as Linux 32-bit platforms under the context of the SYSTEM user.

tags | advisory, java, remote, arbitrary

systems | linux, windows

advisories | CVE-2010-4452

SHA-256 | 1c7151242a63212a2753302b519801eac9936ba533ed1416c16f2de270ae545b

Download | Favorite | View