製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Oracle 製品の Deployment コンポーネントにおける脆弱性

Title	複数の Oracle 製品の Deployment コンポーネントにおける脆弱性
Summary	複数の Oracle 製品の Deployment コンポーネントには、機密性、完全性、可用性に影響のある脆弱性が存在します。
Possible impacts	第三者により、情報が漏えいする、あるいは情報を改ざんされたり、サービス運用妨害 (DoS) 攻撃が行われる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 12, 2010, midnight
Registration Date	Nov. 5, 2010, 3:02 p.m.
Last Update	Dec. 19, 2012, 6:13 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

サン・マイクロシステムズ

JDK 6 Update 21 およびそれ以前

JRE 6 Update 21 およびそれ以前

レッドハット

Red Hat Enterprise Linux Extras 4 extras

Red Hat Enterprise Linux Extras 4.8.z extras

Red Hat Enterprise Linux HPC Node Supplementary 6

Red Hat Enterprise Linux Server Supplementary 6

Red Hat Enterprise Linux Workstation Supplementary 6

RHEL Desktop Supplementary 5 (client)

RHEL Desktop Supplementary 6

RHEL Supplementary 5 (server)

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

VMware

VMware ESX 3.0.3

VMware ESX 3.5

VMware ESX 4.0

VMware ESX 4.1

VMware ESXi

VMware vCenter 4.0 (Windows)

VMware vCenter 4.1 (Windows)

VMware VirtualCenter 2.5 (Windows)

VMware vSphere Update Manager 4.0 (Windows)

VMware vSphere Update Manager 4.1 (Windows)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-3563	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563
National Vulnerability Database (NVD)
2	CVE-2010-3563	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3563

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	jdk-1.6.0_22	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1285
Critical Patch Updates and Security Alerts
2	javacpuoct2010-176258	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
HP Security Bulletin
3	HPSBUX02608	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
Red Hat Security Advisory
4	RHSA-2010:0770	https://rhn.redhat.com/errata/RHSA-2010-0770.html
5	RHSA-2010:0987	https://rhn.redhat.com/errata/RHSA-2010-0987.html
VMware Security Advisories
6	VMSA-2011-0013	http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0013.html

その他

No	Name	URL
Secunia Advisory
1	SA41791	http://secunia.com/advisories/41791
SecurityFocus
2	43999	http://www.securityfocus.com/bid/43999
VUPEN Security
3	VUPEN/ADV-2010-2660	http://www.vupen.com/english/advisories/2010/2660

Change Log

No	Changed Details	Date of change
0	[2010年11月05日] 掲載 [2010年12月24日] 影響を受けるシステム：ヒューレット・パッカード (HPSBUX02608) の情報を追加影響を受けるシステム：レッドハット (RHSA-2010:0987) の情報を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02608) を追加ベンダ情報：レッドハット (RHSA-2010:0987) を追加 [2012年12月19日] 影響を受けるシステム：VMware (VMSA-2011-0013) の情報を追加ベンダ情報：VMware (VMSA-2011-0013) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-3563

Summary	Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
Publication Date	Oct. 20, 2010, 7 a.m.
Registration Date	Jan. 29, 2021, 11:06 a.m.
Last Update	Nov. 21, 2024, 10:19 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sun:jre:1.6.0:update_3::::::
cpe:2.3:a:sun:jre:1.6.0:update_5::::::
cpe:2.3:a:sun:jre:1.6.0:update_13::::::
cpe:2.3:a:sun:jre:1.6.0:update_1::::::
cpe:2.3:a:sun:jre:1.6.0:update_2::::::
cpe:2.3:a:sun:jre:1.6.0:update_16::::::
cpe:2.3:a:sun:jre:1.6.0:update_20::::::
cpe:2.3:a:sun:jre:1.6.0:update_15::::::
cpe:2.3:a:sun:jre:1.6.0:update_6::::::
cpe:2.3:a:sun:jre::update_21::::::*		1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_19::::::
cpe:2.3:a:sun:jre:1.6.0:::::::*
cpe:2.3:a:sun:jre:1.6.0:update_18::::::
cpe:2.3:a:sun:jre:1.6.0:update_10::::::
cpe:2.3:a:sun:jre:1.6.0:update_17::::::
cpe:2.3:a:sun:jre:1.6.0:update_7::::::
cpe:2.3:a:sun:jre:1.6.0:update_14::::::
cpe:2.3:a:sun:jre:1.6.0:update_4::::::
cpe:2.3:a:sun:jre:1.6.0:update_12::::::
cpe:2.3:a:sun:jre:1.6.0:update_11::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:sun:jdk:1.6.0:update_4::::::
cpe:2.3:a:sun:jdk:1.6.0:update_7::::::
cpe:2.3:a:sun:jdk:1.6.0:update_19::::::
cpe:2.3:a:sun:jdk:1.6.0:update_13::::::
cpe:2.3:a:sun:jdk:1.6.0:update_3::::::
cpe:2.3:a:sun:jdk:1.6.0:update_11::::::
cpe:2.3:a:sun:jdk:1.6.0:update_10::::::
cpe:2.3:a:sun:jdk::update_21::::::*		1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_14::::::
cpe:2.3:a:sun:jdk:1.6.0:::::::*
cpe:2.3:a:sun:jdk:1.6.0:update_17::::::
cpe:2.3:a:sun:jdk:1.6.0:update_5::::::
cpe:2.3:a:sun:jdk:1.6.0:update2::::::
cpe:2.3:a:sun:jdk:1.6.0:update1_b06::::::
cpe:2.3:a:sun:jdk:1.6.0:update_16::::::
cpe:2.3:a:sun:jdk:1.6.0:update1::::::
cpe:2.3:a:sun:jdk:1.6.0:update_15::::::
cpe:2.3:a:sun:jdk:1.6.0:update_12::::::
cpe:2.3:a:sun:jdk:1.6.0:update_18::::::
cpe:2.3:a:sun:jdk:1.6.0:update_6::::::
cpe:2.3:a:sun:jdk:1.6.0:update_20::::::

Related information, measures and tools

No	URL	タグ
1	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
2	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
3	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
4	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
5	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
6	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
7	http://marc.info/?l=bugtraq&m=134254866602253&w=2
8	http://marc.info/?l=bugtraq&m=134254866602253&w=2
9	http://secunia.com/advisories/44954	Vendor Advisory
10	http://secunia.com/advisories/44954	Vendor Advisory
11	http://support.avaya.com/css/P8/documents/100114315
12	http://support.avaya.com/css/P8/documents/100114315
13	http://support.avaya.com/css/P8/documents/100123193
14	http://support.avaya.com/css/P8/documents/100123193
15	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	Patch Vendor Advisory
16	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	Patch Vendor Advisory
17	http://www.redhat.com/support/errata/RHSA-2010-0770.html	Vendor Advisory
18	http://www.redhat.com/support/errata/RHSA-2010-0770.html	Vendor Advisory
19	http://www.redhat.com/support/errata/RHSA-2010-0987.html
20	http://www.redhat.com/support/errata/RHSA-2010-0987.html
21	http://www.redhat.com/support/errata/RHSA-2011-0880.html	Vendor Advisory
22	http://www.redhat.com/support/errata/RHSA-2011-0880.html	Vendor Advisory
23	http://www.securityfocus.com/bid/43999
24	http://www.securityfocus.com/bid/43999
25	http://www.zerodayinitiative.com/advisories/ZDI-10-202/
26	http://www.zerodayinitiative.com/advisories/ZDI-10-202/
27	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12181
28	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12181
29	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12554
30	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12554

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sun:jre:1.6.0:update_3::::::
cpe:2.3:a:sun:jre:1.6.0:update_5::::::
cpe:2.3:a:sun:jre:1.6.0:update_13::::::
cpe:2.3:a:sun:jre:1.6.0:update_1::::::
cpe:2.3:a:sun:jre:1.6.0:update_2::::::
cpe:2.3:a:sun:jre:1.6.0:update_16::::::
cpe:2.3:a:sun:jre:1.6.0:update_20::::::
cpe:2.3:a:sun:jre:1.6.0:update_15::::::
cpe:2.3:a:sun:jre:1.6.0:update_6::::::
cpe:2.3:a:sun:jre::update_21::::::*		1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_19::::::
cpe:2.3:a:sun:jre:1.6.0:::::::*
cpe:2.3:a:sun:jre:1.6.0:update_18::::::
cpe:2.3:a:sun:jre:1.6.0:update_10::::::
cpe:2.3:a:sun:jre:1.6.0:update_17::::::
cpe:2.3:a:sun:jre:1.6.0:update_7::::::
cpe:2.3:a:sun:jre:1.6.0:update_14::::::
cpe:2.3:a:sun:jre:1.6.0:update_4::::::
cpe:2.3:a:sun:jre:1.6.0:update_12::::::
cpe:2.3:a:sun:jre:1.6.0:update_11::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:sun:jdk:1.6.0:update_4::::::
cpe:2.3:a:sun:jdk:1.6.0:update_7::::::
cpe:2.3:a:sun:jdk:1.6.0:update_19::::::
cpe:2.3:a:sun:jdk:1.6.0:update_13::::::
cpe:2.3:a:sun:jdk:1.6.0:update_3::::::
cpe:2.3:a:sun:jdk:1.6.0:update_11::::::
cpe:2.3:a:sun:jdk:1.6.0:update_10::::::
cpe:2.3:a:sun:jdk::update_21::::::*		1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_14::::::
cpe:2.3:a:sun:jdk:1.6.0:::::::*
cpe:2.3:a:sun:jdk:1.6.0:update_17::::::
cpe:2.3:a:sun:jdk:1.6.0:update_5::::::
cpe:2.3:a:sun:jdk:1.6.0:update2::::::
cpe:2.3:a:sun:jdk:1.6.0:update1_b06::::::
cpe:2.3:a:sun:jdk:1.6.0:update_16::::::
cpe:2.3:a:sun:jdk:1.6.0:update1::::::
cpe:2.3:a:sun:jdk:1.6.0:update_15::::::
cpe:2.3:a:sun:jdk:1.6.0:update_12::::::
cpe:2.3:a:sun:jdk:1.6.0:update_18::::::
cpe:2.3:a:sun:jdk:1.6.0:update_6::::::
cpe:2.3:a:sun:jdk:1.6.0:update_20::::::