Red Hat Customer Portal

Skip to main content

CVE-2010-3563

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.

Details Source

Mitre

Public Date

2010-10-12 00:00:00

Impact

Critical

Bugzilla

CVE-2010-3563 JDK unspecified vulnerability in Deployment component

Bugzilla ID

642 589

CVSS Status

verified

Base Score

7.50

Base Metrics

AV:N/AC:L/Au:N/C:P/I:P/A:P

IAVA

2011-A-0160

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) RHSA-2010:0987 2010-12-15
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-sun) RHSA-2010:0770 2010-10-14
Red Hat Satellite 5.4 (RHEL v.5) (java-1.6.0-ibm) RHSA-2011:0880 2011-06-16
Red Hat Enterprise Linux AS version 4 Extras (java-1.6.0-sun) RHSA-2010:0770 2010-10-14
Red Hat Enterprise Linux AS version 4 Extras (java-1.6.0-ibm) RHSA-2010:0987 2010-12-15
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) RHSA-2010:0987 2010-12-15