製品・ソフトウェアに関する情報

JVN脆弱性詳細

Oracle Sun Products Suite の Oracle Communications Messaging Server コンポーネントにおける脆弱性

Title	Oracle Sun Products Suite の Oracle Communications Messaging Server コンポーネントにおける脆弱性
Summary	Oracle Sun Products Suite の Oracle Communications Messaging Server (Sun Java System Messaging Server) コンポーネントには、Webmail に関する処理に不備があるため、機密性および完全性に影響のある脆弱性が存在します。
Possible impacts	第三者により、情報が漏えいする、あるいは情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 12, 2010, midnight
Registration Date	Nov. 9, 2010, 2:47 p.m.
Last Update	Dec. 16, 2010, 3:22 p.m.

CVSS2.0 : 警告
Score	6.4
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:N

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

オラクル

Oracle Sun Product Suite 7.0

日立

Cosminexus Application Server Enterprise Version 6

Cosminexus Application Server Standard Version 6

Cosminexus Application Server Version 5

Cosminexus Client Version 6

Cosminexus Developer Light Version 6

Cosminexus Developer Professional Version 6

Cosminexus Developer Standard Version 6

Cosminexus Developer Version 5

Cosminexus Developer's Kit for Java(TM)

Cosminexus Server - Standard Edition Version 4

Cosminexus Server - Web Edition Version 4

Cosminexus Studio - Standard Edition Version 4

Cosminexus Studio - Web Edition Version 4

Cosminexus Studio Version 5

Hitachi Developer's Kit for Java

Processing Kit for XML

uCosminexus Application Server Enterprise

uCosminexus Application Server Standard

uCosminexus Client

uCosminexus Developer Light

uCosminexus Developer Professional

uCosminexus Developer Standard

uCosminexus Operator

uCosminexus Portal Framework エントリセット

uCosminexus Service Architect

uCosminexus Service Platform

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-3564	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3564
National Vulnerability Database (NVD)
2	CVE-2010-3564	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3564

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Critical Patch Updates and Security Alerts
1	cpuoct2010-175626	http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Hitachi Software Vulnerability Information
2	HS10-030	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-030/index.html
HP Security Bulletin
3	HPSBUX02608	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
Red Hat Security Advisory
4	RHSA-2010:0768	https://rhn.redhat.com/errata/RHSA-2010-0768.html
5	RHSA-2010:0865	https://rhn.redhat.com/errata/RHSA-2010-0865.html
オラクル・セキュリティ・アラート
6	101015_92	http://www.oracle.com/technology/global/jp/security/101015_92/top.html
ソフトウェア製品セキュリティ情報
7	HS10-030	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/
富士通セキュリティ情報
8	TA10-287A	http://software.fujitsu.com/jp/security/vulnerabilities/ta10-287a.html

その他

No	Name	URL
JVN
1	JVNTA10-287A	http://jvn.jp/cert/JVNTA10-287A
US-CERT Technical Cyber Security Alert
2	TA10-287A	http://www.us-cert.gov/cas/techalerts/TA10-287A.html

Change Log

No	Changed Details	Date of change
0	[2010年11月09日] 掲載 [2010年11月30日] 影響を受けるシステム：レッドハット (RHSA-2010:0865) の情報を追加ベンダ情報：レッドハット (RHSA-2010:0865) を追加 [2010年12月16日] 影響を受けるシステム：ヒューレット・パッカード (HPSBUX02608) の情報を追加影響を受けるシステム：日立 (HS10-030) の情報を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02608) を追加ベンダ情報：日立 (HS10-030) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-3564

Summary	Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM. NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.
Publication Date	Oct. 15, 2010, 3 a.m.
Registration Date	Jan. 29, 2021, 11:06 a.m.
Last Update	Nov. 21, 2024, 10:19 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:oracle:sun_products_suite:7.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
2	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
3	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
4	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
5	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
6	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
7	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
8	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
9	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
10	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
11	http://secunia.com/advisories/41972	Vendor Advisory
12	http://secunia.com/advisories/41972	Vendor Advisory
13	http://secunia.com/advisories/42377	Vendor Advisory
14	http://secunia.com/advisories/42377	Vendor Advisory
15	http://security.gentoo.org/glsa/glsa-201406-32.xml
16	http://security.gentoo.org/glsa/glsa-201406-32.xml
17	http://support.avaya.com/css/P8/documents/100114327
18	http://support.avaya.com/css/P8/documents/100114327
19	http://support.avaya.com/css/P8/documents/100123193
20	http://support.avaya.com/css/P8/documents/100123193
21	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
22	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
23	http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
24	http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
25	http://www.redhat.com/support/errata/RHSA-2010-0768.html
26	http://www.redhat.com/support/errata/RHSA-2010-0768.html
27	http://www.redhat.com/support/errata/RHSA-2010-0865.html
28	http://www.redhat.com/support/errata/RHSA-2010-0865.html
29	http://www.securityfocus.com/bid/43963
30	http://www.securityfocus.com/bid/43963
31	http://www.ubuntu.com/usn/USN-1010-1
32	http://www.ubuntu.com/usn/USN-1010-1
33	http://www.us-cert.gov/cas/techalerts/TA10-287A.html	US Government Resource
34	http://www.us-cert.gov/cas/techalerts/TA10-287A.html	US Government Resource
35	http://www.vupen.com/english/advisories/2010/3086	Vendor Advisory
36	http://www.vupen.com/english/advisories/2010/3086	Vendor Advisory
37	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12398
38	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12398

Common Vulnerabilities List