Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2010-1423 | First vendor Publication | 2010-04-15 |
Vendor | Cve | Last vendor Modification | 2022-05-13 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1423 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14090 | |||
Oval ID: | oval:org.mitre.oval:def:14090 | ||
Title: | Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information. | ||
Description: | Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1423 | Version: | 9 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012 | Product(s): | Java Development Kit, Java Runtime Environment |
OpenVAS Exploits
Date | Description |
---|---|
2010-04-23 | Name : Sun Java Deployment Toolkit Multiple Vulnerabilities (Windows) File : nvt/secpod_sun_java_jdk_mult_vuln_win_apr10.nasl |
2010-04-23 | Name : Sun Java JRE Multiple Vulnerabilities (Linux) File : nvt/secpod_sun_java_jre_mult_vuln_lin_apr10.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63648 | Sun Java Deployment Toolkit javaw.exe JAR File Handling Arbitrary Code Execu... Sun Java Deployment Toolkit contains a flaw that may allow an attacker to execute arbitrary code. The vulnerability is triggered upon visiting a malicious website embedding a specially crafted JNLP application. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Oracle JRE Deployment Toolkit ActiveX clsid access attempt RuleID : 26682 - Revision : 5 - Type : BROWSER-PLUGINS |
2014-01-10 | Oracle JRE Deployment Toolkit ActiveX clsid access attempt RuleID : 23878 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Oracle Java Web Start arbitrary command execution attempt RuleID : 17660 - Revision : 9 - Type : SERVER-OTHER |
2014-01-10 | Oracle Java Web Start arbitrary command execution attempt RuleID : 16585 - Revision : 5 - Type : WEB-CLIENT |
2014-01-10 | Oracle Java Web Start arbitrary command execution attempt - Internet Explorer RuleID : 16584 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code executio... RuleID : 16550 - Revision : 8 - Type : FILE-OTHER |
2014-01-10 | Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code executio... RuleID : 16549 - Revision : 11 - Type : FILE-OTHER |
2014-01-10 | Java Web Start ActiveX launch command by JavaScript CLSID RuleID : 16548 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Java Web Start ActiveX launch command by CLSID RuleID : 16547 - Revision : 5 - Type : WEB-ACTIVEX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-02-22 | Name : The remote host contains a runtime environment that is affected by multiple v... File : oracle_java6_update20_unix.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote host contains a runtime environment that is affected by multiple v... File : oracle_java6_update20.nasl - Type : ACT_GATHER_INFO |