CVE-2010-0840

Known Exploited

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

CVSS: 9.8
Severity: Critical
EPSS 92.62% Top 5%
Affected: n/a n/a

References

Link | Tags
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html | vendor advisory, mailing list, third party advisory
http://marc.info/?l=bugtraq&m=134254866602253&w=2 | vendor advisory, mailing list
http://www.securityfocus.com/archive/1/510528/100/0/threaded | broken link, mailing list, third party advisory, vdb entry
http://secunia.com/advisories/39317 | vendor advisory, broken link, third party advisory
http://www.redhat.com/support/errata/RHSA-2010-0383.html | vendor advisory, broken link
http://secunia.com/advisories/40545 | vendor advisory, broken link, third party advisory
http://www.vupen.com/english/advisories/2010/1454 | vendor advisory, broken link, vdb entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13971 | signature, vdb entry, broken link
http://secunia.com/advisories/39819 | vendor advisory, broken link, third party advisory
http://www.vupen.com/english/advisories/2010/1107 | vdb entry, broken link
http://www.redhat.com/support/errata/RHSA-2010-0338.html | vendor advisory, broken link
http://www.vupen.com/english/advisories/2010/1793 | vendor advisory, broken link, vdb entry
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html | vendor advisory, mailing list, third party advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | vendor advisory, mailing list, third party advisory
http://secunia.com/advisories/43308 | vendor advisory, broken link, third party advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html | third party advisory, patch
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 | vendor advisory, broken link
http://marc.info/?l=bugtraq&m=127557596201693&w=2 | vendor advisory, mailing list
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html | third party advisory, patch
http://www.redhat.com/support/errata/RHSA-2010-0339.html | vendor advisory, broken link
http://secunia.com/advisories/39292 | vendor advisory, broken link, third party advisory
http://support.apple.com/kb/HT4170 | third party advisory, release notes
http://www.vupen.com/english/advisories/2010/1523 | vendor advisory, broken link, vdb entry
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html | release notes
http://www.securityfocus.com/bid/39065 | broken link, third party advisory, vdb entry
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html | vendor advisory, mailing list, third party advisory
http://secunia.com/advisories/39659 | vendor advisory, broken link, third party advisory
http://www.redhat.com/support/errata/RHSA-2010-0471.html | vendor advisory, broken link
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html | vendor advisory, mailing list, third party advisory
http://ubuntu.com/usn/usn-923-1 | third party advisory, vendor advisory
http://www.vmware.com/security/advisories/VMSA-2011-0003.html | third party advisory
http://www.redhat.com/support/errata/RHSA-2010-0337.html | vendor advisory, broken link
http://www.redhat.com/support/errata/RHSA-2010-0489.html | vendor advisory, broken link
http://www.zerodayinitiative.com/advisories/ZDI-10-056 | third party advisory, vdb entry
http://secunia.com/advisories/40211 | vendor advisory, broken link, third party advisory
http://support.apple.com/kb/HT4171 | third party advisory, release notes
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9974 | signature, vdb entry, broken link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 | vendor advisory, broken link
http://www.securityfocus.com/archive/1/516397/100/0/threaded | broken link, mailing list, third party advisory, vdb entry
http://www.vupen.com/english/advisories/2010/1191 | vendor advisory, broken link, vdb entry

Frequently Asked Questions

What is the severity of CVE-2010-0840?
CVE-2010-0840 has been scored as a critical severity vulnerability.

How do I fix CVE-2010-0840?
To fix CVE-2010-0840, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.

Is CVE-2010-0840 being actively exploited in the wild?
It is confirmed that CVE-2010-0840 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~93% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.