製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Oracle 製品の Java 2D コンポーネントにおける脆弱性

Title	複数の Oracle 製品の Java 2D コンポーネントにおける脆弱性
Summary	複数の Oracle 製品の Java 2D コンポーネントには、機密性、完全性、可用性に影響のある脆弱性が存在します。
Possible impacts	第三者により、情報が漏えいする、あるいは情報を改ざんされたり、サービス運用妨害 (DoS) 攻撃が行われる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 30, 2010, midnight
Registration Date	April 23, 2010, 6:22 p.m.
Last Update	March 11, 2011, 10:09 a.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

サン・マイクロシステムズ

JDK 5.0 Update 23 およびそれ以前

JDK 6 Update 18 およびそれ以前

JRE 5.0 Update 23 およびそれ以前

JRE 6 Update 18 およびそれ以前

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux Extras 4 extras

Red Hat Enterprise Linux Extras 4.7.z extras

Red Hat Enterprise Linux Extras 4.8.z extras

RHEL Desktop Supplementary 5 (client)

RHEL Supplementary 5 (server)

RHEL Supplementary EUS 5.2.z (server)

RHEL Supplementary EUS 5.3.z (server)

RHEL Supplementary EUS 5.4.z (server)

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

アップル

Apple Mac OS X v10.5.8

Apple Mac OS X v10.6.3

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6.3

日立

Cosminexus Application Server Enterprise Version 6

Cosminexus Application Server Standard Version 6

Cosminexus Application Server Version 5

Cosminexus Client Version 6

Cosminexus Developer Light Version 6

Cosminexus Developer Professional Version 6

Cosminexus Developer Standard Version 6

Cosminexus Developer Version 5

Cosminexus Server - Standard Edition Version 4

Cosminexus Server - Web Edition Version 4

Cosminexus Studio - Standard Edition Version 4

Cosminexus Studio - Web Edition Version 4

Cosminexus Studio Version 5

Hitachi Developer's Kit for Java

Processing Kit for XML

uCosminexus Application Server Enterprise

uCosminexus Application Server Standard

uCosminexus Client

uCosminexus Developer Light

uCosminexus Developer Professional

uCosminexus Developer Standard

uCosminexus Operator

uCosminexus Service Architect

uCosminexus Service Platform

VMware

VMware ESX 3.0.3

VMware ESX 3.5

VMware ESX 4.0

VMware ESX 4.1

VMware vCenter 4.0

VMware vCenter 4.1

VMware VirtualCenter 2.5

VMware vSphere Update Manager 1.0

VMware vSphere Update Manager 4.0

VMware vSphere Update Manager 4.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-0838	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838
National Vulnerability Database (NVD)
2	CVE-2010-0838	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0838

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT4170	http://support.apple.com/kb/HT4170
2	HT4171	http://support.apple.com/kb/HT4171
Apple セキュリティアップデート
3	HT4170	http://support.apple.com/kb/HT4170?viewlocale=ja_JP
4	HT4171	http://support.apple.com/kb/HT4171?viewlocale=ja_JP
Asianux Technical Support Network
5	jdk-1.6.0_19	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1028
Critical Patch Updates and Security Alerts
6	javacpumar2010	http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
Hitachi Software Vulnerability Information
7	HS10-010	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-010/index.html
HP Security Bulletin
8	HPSBUX02524	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02122104
Red Hat Security Advisory
9	RHSA-2010:0337	https://rhn.redhat.com/errata/RHSA-2010-0337.html
10	RHSA-2010:0338	https://rhn.redhat.com/errata/RHSA-2010-0338.html
11	RHSA-2010:0339	https://rhn.redhat.com/errata/RHSA-2010-0339.html
12	RHSA-2010:0383	https://rhn.redhat.com/errata/RHSA-2010-0383.html
VMware Security Advisories
13	VMSA-2011-0003	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
ソフトウェア製品セキュリティ情報
14	HS10-010	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-010/index.html

その他

No	Name	URL
ISS X-Force Database
1	57346	http://xforce.iss.net/xforce/xfdb/57346
SecurityFocus
2	39069	http://www.securityfocus.com/bid/39069

Change Log

No	Changed Details	Date of change
0	[2010年04月23日] 掲載 [2010年05月25日] 影響を受けるシステム：アップル (HT4170) の情報を追加影響を受けるシステム：アップル (HT4171) の情報を追加ベンダ情報：アップル (HT4170) を追加ベンダ情報：アップル (HT4171) を追加ベンダ情報：レッドハット (RHSA-2010:0383) を追加 [2010年06月10日] 影響を受けるシステム：ヒューレット・パッカード (HPSBUX02524) の情報を追加影響を受けるシステム：日立 (HS10-010) の情報を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02524) を追加ベンダ情報：日立 (HS10-010) を追加 [2011年03月11日] 影響を受けるシステム：VMware (VMSA-2011-0003) の情報を追加ベンダ情報：VMware (VMSA-2011-0003) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-0838

Summary	Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.
Summary	Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html 'Affected product releases and versions: • Java SE: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux • JDK 5.0 Update 23 and earlier for Solaris • SDK 1.4.2_25 and earlier for Solaris • Java for Business: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux • JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux • SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'
Publication Date	April 2, 2010, 1:30 a.m.
Registration Date	Jan. 29, 2021, 10:58 a.m.
Last Update	Oct. 11, 2018, 4:53 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sun:jre:1.6.0:::::::*
cpe:2.3:a:sun:jre:1.6.0:update_1::::::
cpe:2.3:a:sun:jre:1.6.0:update_10::::::
cpe:2.3:a:sun:jre:1.6.0:update_11::::::
cpe:2.3:a:sun:jre:1.6.0:update_12::::::
cpe:2.3:a:sun:jre:1.6.0:update_13::::::
cpe:2.3:a:sun:jre:1.6.0:update_14::::::
cpe:2.3:a:sun:jre:1.6.0:update_15::::::
cpe:2.3:a:sun:jre:1.6.0:update_16::::::
cpe:2.3:a:sun:jre:1.6.0:update_17::::::
cpe:2.3:a:sun:jre::update_18::::::*		1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_2::::::
cpe:2.3:a:sun:jre:1.6.0:update_3::::::
cpe:2.3:a:sun:jre:1.6.0:update_4::::::
cpe:2.3:a:sun:jre:1.6.0:update_5::::::
cpe:2.3:a:sun:jre:1.6.0:update_6::::::
cpe:2.3:a:sun:jre:1.6.0:update_7::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:sun:jdk:1.6.0:::::::*
cpe:2.3:a:sun:jdk:1.6.0:update1::::::
cpe:2.3:a:sun:jdk:1.6.0:update1_b06::::::
cpe:2.3:a:sun:jdk:1.6.0:update2::::::
cpe:2.3:a:sun:jdk:1.6.0:update_10::::::
cpe:2.3:a:sun:jdk:1.6.0:update_11::::::
cpe:2.3:a:sun:jdk:1.6.0:update_12::::::
cpe:2.3:a:sun:jdk:1.6.0:update_13::::::
cpe:2.3:a:sun:jdk:1.6.0:update_14::::::
cpe:2.3:a:sun:jdk:1.6.0:update_15::::::
cpe:2.3:a:sun:jdk:1.6.0:update_16::::::
cpe:2.3:a:sun:jdk:1.6.0:update_17::::::
cpe:2.3:a:sun:jdk::update_18::::::*		1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_3::::::
cpe:2.3:a:sun:jdk:1.6.0:update_4::::::
cpe:2.3:a:sun:jdk:1.6.0:update_5::::::
cpe:2.3:a:sun:jdk:1.6.0:update_6::::::
cpe:2.3:a:sun:jdk:1.6.0:update_7::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:sun:jdk:1.5.0:::::::*
cpe:2.3:a:sun:jdk:1.5.0:update1::::::
cpe:2.3:a:sun:jdk:1.5.0:update10::::::
cpe:2.3:a:sun:jdk:1.5.0:update11::::::
cpe:2.3:a:sun:jdk:1.5.0:update12::::::
cpe:2.3:a:sun:jdk:1.5.0:update13::::::
cpe:2.3:a:sun:jdk:1.5.0:update14::::::
cpe:2.3:a:sun:jdk:1.5.0:update15::::::
cpe:2.3:a:sun:jdk:1.5.0:update16::::::
cpe:2.3:a:sun:jdk:1.5.0:update17::::::
cpe:2.3:a:sun:jdk:1.5.0:update18::::::
cpe:2.3:a:sun:jdk:1.5.0:update19::::::
cpe:2.3:a:sun:jdk:1.5.0:update2::::::
cpe:2.3:a:sun:jdk:1.5.0:update20::::::
cpe:2.3:a:sun:jdk:1.5.0:update21::::::
cpe:2.3:a:sun:jdk::update23::::::*		1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update3::::::
cpe:2.3:a:sun:jdk:1.5.0:update4::::::
cpe:2.3:a:sun:jdk:1.5.0:update5::::::
cpe:2.3:a:sun:jdk:1.5.0:update6::::::
cpe:2.3:a:sun:jdk:1.5.0:update7::::::
cpe:2.3:a:sun:jdk:1.5.0:update8::::::
cpe:2.3:a:sun:jdk:1.5.0:update9::::::

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:sun:jre:1.5.0:::::::*
cpe:2.3:a:sun:jre:1.5.0:update1::::::
cpe:2.3:a:sun:jre:1.5.0:update10::::::
cpe:2.3:a:sun:jre:1.5.0:update11::::::
cpe:2.3:a:sun:jre:1.5.0:update12::::::
cpe:2.3:a:sun:jre:1.5.0:update13::::::
cpe:2.3:a:sun:jre:1.5.0:update14::::::
cpe:2.3:a:sun:jre:1.5.0:update15::::::
cpe:2.3:a:sun:jre:1.5.0:update16::::::
cpe:2.3:a:sun:jre:1.5.0:update17::::::
cpe:2.3:a:sun:jre:1.5.0:update18::::::
cpe:2.3:a:sun:jre:1.5.0:update19::::::
cpe:2.3:a:sun:jre:1.5.0:update2::::::
cpe:2.3:a:sun:jre:1.5.0:update20::::::
cpe:2.3:a:sun:jre:1.5.0:update21::::::
cpe:2.3:a:sun:jre::update23::::::*		1.5.0
cpe:2.3:a:sun:jre:1.5.0:update3::::::
cpe:2.3:a:sun:jre:1.5.0:update4::::::
cpe:2.3:a:sun:jre:1.5.0:update5::::::
cpe:2.3:a:sun:jre:1.5.0:update6::::::
cpe:2.3:a:sun:jre:1.5.0:update7::::::
cpe:2.3:a:sun:jre:1.5.0:update8::::::
cpe:2.3:a:sun:jre:1.5.0:update9::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751	HP
2	http://lists.apple.com/archives/security-announce/2010//May/msg00001.html	APPLE
3	http://lists.apple.com/archives/security-announce/2010//May/msg00002.html	APPLE
4	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html	SUSE
5	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	SUSE
6	http://marc.info/?l=bugtraq&m=127557596201693&w=2	HP
7	http://marc.info/?l=bugtraq&m=134254866602253&w=2	HP
8	http://secunia.com/advisories/39292	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/39317	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/39659	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/39819	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/40545	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/43308	SECUNIA	Vendor Advisory
14	http://support.apple.com/kb/HT4170	CONFIRM
15	http://support.apple.com/kb/HT4171	CONFIRM
16	http://ubuntu.com/usn/usn-923-1	UBUNTU
17	http://www.mandriva.com/security/advisories?name=MDVSA-2010:084	MANDRIVA
18	http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	CONFIRM
19	http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html	CONFIRM
20	http://www.redhat.com/support/errata/RHSA-2010-0337.html	REDHAT
21	http://www.redhat.com/support/errata/RHSA-2010-0338.html	REDHAT
22	http://www.redhat.com/support/errata/RHSA-2010-0339.html	REDHAT
23	http://www.redhat.com/support/errata/RHSA-2010-0383.html	REDHAT
24	http://www.redhat.com/support/errata/RHSA-2010-0471.html	REDHAT
25	http://www.securityfocus.com/archive/1/510534/100/0/threaded	BUGTRAQ
26	http://www.securityfocus.com/archive/1/516397/100/0/threaded	BUGTRAQ
27	http://www.securityfocus.com/bid/39069	BID
28	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	CONFIRM
29	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html	CONFIRM
30	http://www.vupen.com/english/advisories/2010/1107	VUPEN	Vendor Advisory
31	http://www.vupen.com/english/advisories/2010/1191	VUPEN	Vendor Advisory
32	http://www.vupen.com/english/advisories/2010/1454	VUPEN	Vendor Advisory
33	http://www.vupen.com/english/advisories/2010/1793	VUPEN	Vendor Advisory
34	http://www.zerodayinitiative.com/advisories/ZDI-10-061	MISC
35	https://exchange.xforce.ibmcloud.com/vulnerabilities/57346	XF
36	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10482	OVAL
37	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13923	OVAL

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sun:jre:1.6.0:::::::*
cpe:2.3:a:sun:jre:1.6.0:update_1::::::
cpe:2.3:a:sun:jre:1.6.0:update_10::::::
cpe:2.3:a:sun:jre:1.6.0:update_11::::::
cpe:2.3:a:sun:jre:1.6.0:update_12::::::
cpe:2.3:a:sun:jre:1.6.0:update_13::::::
cpe:2.3:a:sun:jre:1.6.0:update_14::::::
cpe:2.3:a:sun:jre:1.6.0:update_15::::::
cpe:2.3:a:sun:jre:1.6.0:update_16::::::
cpe:2.3:a:sun:jre:1.6.0:update_17::::::
cpe:2.3:a:sun:jre::update_18::::::*		1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_2::::::
cpe:2.3:a:sun:jre:1.6.0:update_3::::::
cpe:2.3:a:sun:jre:1.6.0:update_4::::::
cpe:2.3:a:sun:jre:1.6.0:update_5::::::
cpe:2.3:a:sun:jre:1.6.0:update_6::::::
cpe:2.3:a:sun:jre:1.6.0:update_7::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:sun:jdk:1.6.0:::::::*
cpe:2.3:a:sun:jdk:1.6.0:update1::::::
cpe:2.3:a:sun:jdk:1.6.0:update1_b06::::::
cpe:2.3:a:sun:jdk:1.6.0:update2::::::
cpe:2.3:a:sun:jdk:1.6.0:update_10::::::
cpe:2.3:a:sun:jdk:1.6.0:update_11::::::
cpe:2.3:a:sun:jdk:1.6.0:update_12::::::
cpe:2.3:a:sun:jdk:1.6.0:update_13::::::
cpe:2.3:a:sun:jdk:1.6.0:update_14::::::
cpe:2.3:a:sun:jdk:1.6.0:update_15::::::
cpe:2.3:a:sun:jdk:1.6.0:update_16::::::
cpe:2.3:a:sun:jdk:1.6.0:update_17::::::
cpe:2.3:a:sun:jdk::update_18::::::*		1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_3::::::
cpe:2.3:a:sun:jdk:1.6.0:update_4::::::
cpe:2.3:a:sun:jdk:1.6.0:update_5::::::
cpe:2.3:a:sun:jdk:1.6.0:update_6::::::
cpe:2.3:a:sun:jdk:1.6.0:update_7::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:sun:jdk:1.5.0:::::::*
cpe:2.3:a:sun:jdk:1.5.0:update1::::::
cpe:2.3:a:sun:jdk:1.5.0:update10::::::
cpe:2.3:a:sun:jdk:1.5.0:update11::::::
cpe:2.3:a:sun:jdk:1.5.0:update12::::::
cpe:2.3:a:sun:jdk:1.5.0:update13::::::
cpe:2.3:a:sun:jdk:1.5.0:update14::::::
cpe:2.3:a:sun:jdk:1.5.0:update15::::::
cpe:2.3:a:sun:jdk:1.5.0:update16::::::
cpe:2.3:a:sun:jdk:1.5.0:update17::::::
cpe:2.3:a:sun:jdk:1.5.0:update18::::::
cpe:2.3:a:sun:jdk:1.5.0:update19::::::
cpe:2.3:a:sun:jdk:1.5.0:update2::::::
cpe:2.3:a:sun:jdk:1.5.0:update20::::::
cpe:2.3:a:sun:jdk:1.5.0:update21::::::
cpe:2.3:a:sun:jdk::update23::::::*		1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update3::::::
cpe:2.3:a:sun:jdk:1.5.0:update4::::::
cpe:2.3:a:sun:jdk:1.5.0:update5::::::
cpe:2.3:a:sun:jdk:1.5.0:update6::::::
cpe:2.3:a:sun:jdk:1.5.0:update7::::::
cpe:2.3:a:sun:jdk:1.5.0:update8::::::
cpe:2.3:a:sun:jdk:1.5.0:update9::::::

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:sun:jre:1.5.0:::::::*
cpe:2.3:a:sun:jre:1.5.0:update1::::::
cpe:2.3:a:sun:jre:1.5.0:update10::::::
cpe:2.3:a:sun:jre:1.5.0:update11::::::
cpe:2.3:a:sun:jre:1.5.0:update12::::::
cpe:2.3:a:sun:jre:1.5.0:update13::::::
cpe:2.3:a:sun:jre:1.5.0:update14::::::
cpe:2.3:a:sun:jre:1.5.0:update15::::::
cpe:2.3:a:sun:jre:1.5.0:update16::::::
cpe:2.3:a:sun:jre:1.5.0:update17::::::
cpe:2.3:a:sun:jre:1.5.0:update18::::::
cpe:2.3:a:sun:jre:1.5.0:update19::::::
cpe:2.3:a:sun:jre:1.5.0:update2::::::
cpe:2.3:a:sun:jre:1.5.0:update20::::::
cpe:2.3:a:sun:jre:1.5.0:update21::::::
cpe:2.3:a:sun:jre::update23::::::*		1.5.0
cpe:2.3:a:sun:jre:1.5.0:update3::::::
cpe:2.3:a:sun:jre:1.5.0:update4::::::
cpe:2.3:a:sun:jre:1.5.0:update5::::::
cpe:2.3:a:sun:jre:1.5.0:update6::::::
cpe:2.3:a:sun:jre:1.5.0:update7::::::
cpe:2.3:a:sun:jre:1.5.0:update8::::::
cpe:2.3:a:sun:jre:1.5.0:update9::::::