CVE-2010-3574 — HIGH (10.0)

Q: How severe is CVE-2010-3574?

CVE-2010-3574 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-3574?

Check the references section above for vendor advisories and patch information. Affected products include: Sun Jre, Sun Jdk, Sun Sdk.

Vulnerability Description

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Sun	Jre	<= 1.6.0
Sun	Jdk	<= 1.6.0
Sun	Sdk	<= 1.4.2_27

References

FAQ

What is CVE-2010-3574?

CVE-2010-3574 is a vulnerability with a CVSS score of 10.0 (HIGH). Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, inte...

How severe is CVE-2010-3574?

CVE-2010-3574 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3574?

Check the references section above for vendor advisories and patch information. Affected products include: Sun Jre, Sun Jdk, Sun Sdk.