Description

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."

References

• CVE-2010-4448
• DEBIAN-DSA-2224
• DISA_SEVERITY-Category I
• DISA_VMSKEY-V0030769
• DISA_VMSKEY-V0030824
• IAVM-2011-A-0160
• IAVM-2011-A-0173
• OVAL-OVAL12906
• OVAL-OVAL14045
• REDHAT-RHSA-2011:0281
• REDHAT-RHSA-2011:0282
• REDHAT-RHSA-2011:0880
• SUSE-SUSE-SA:2011:024
• URL: http://support.apple.com/kb/HT4563

Solution Reference

Solution

Related Vulnerabilities

• RHSA-2011:0281: java-1.6.0-openjdk security update
• SUSE Linux Security Advisory: SUSE-SA:2011:024
• RHSA-2011:0490: java-1.4.2-ibm security update
• Java CPU February 2011 Java Runtime Environment Networking vulnerability (CVE-2010-4448)
• RHSA-2011:0282: java-1.6.0-sun security update
• SUSE Linux Security Advisory: SUSE-SR:2011:008
• HP-UX: CVE-2010-4448: Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
• Gentoo Linux: CVE-2010-4448: IcedTea JDK: Multiple vulnerabilities
• VMSA-2011-0013: vSphere Update Manager Oracle (Sun) JRE update 1.5.0_30 (CVE-2010-4448)
• USN-1079-1: OpenJDK 6 vulnerabilities
• RHSA-2011:0364: java-1.5.0-ibm security update
• RHSA-2011:0880: Red Hat Network Satellite server IBM Java Runtime security update
• USN-1079-2: OpenJDK 6 vulnerabilities
• USN-1079-3: OpenJDK 6 vulnerabilities
• SUSE Linux Security Advisory: SUSE-SA:2011:010
• RHSA-2011:0357: java-1.6.0-ibm security update
• SUSE Linux Security Vulnerability: CVE-2010-4448
• RHSA-2011:0870: java-1.4.2-ibm-sap security update