Vulnerability in N/a
CVE-2010-0840
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown…
EPSS: 0.921 (99.7th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- APPLE-SA-2010-05-18-1 (vendor-advisory, x_refsource_APPLE)
- HPSBMU02799 (x_refsource_HP, vendor-advisory)
- 20100405 ZDI-10-056: Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- 39317 (x_refsource_SECUNIA, third-party-advisory)
- RHSA-2010:0383 (x_refsource_REDHAT, vendor-advisory)
- 40545 (x_refsource_SECUNIA, third-party-advisory)
- ADV-2010-1454 (vdb-entry, x_refsource_VUPEN)
- oval:org.mitre.oval:def:13971 (x_refsource_OVAL, signature, vdb-entry)
- 39819 (x_refsource_SECUNIA, third-party-advisory)
- ADV-2010-1107 (vdb-entry, x_refsource_VUPEN)
Frequently asked questions
- What is CVE-2010-0840?
- CVE-2010-0840 is a vulnerability in N/a. Published 2010-04-01.
- Is CVE-2010-0840 known to be exploited?
- Yes. CVE-2010-0840 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-05-25), indicating it is being actively exploited. 5 public proof-of-concept repositories are indexed.