VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2010-0094)

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: April 01, 2010
Added: February 16, 2011
Modified: December 05, 2013

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.

Solution

VMware ESX Server 4.1

Upgrade VMware ESX 4.1 to build number 348481

Download and apply the upgrade from: http://www.vmware.com/patchmgr/findPatchByReleaseName.portal

The typical way to apply patches to VMware ESX 4.1 hosts is via the vCenter Update Manager. For details, see the vCenter Update Manager Administration Guide.

To update ESX/ESXi hosts without using Update Manager, obtain the patch for this vulnerability by searching for the build number in the link below
