CVE-2010-3541 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-3541 Interim 1 23 2024-07-27T01:42:43Z current 2021-05-30T12:53:37Z 2024-07-27T01:42:43Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-3541 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/56PQAQ4O3BAVYA7P4B5GRNBLUPZJ3RT4/#56PQAQ4O3BAVYA7P4B5GRNBLUPZJ3RT4 E-Mail link for SUSE-SA:2010:061 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GVBFEKJA5J3I723SZEMOEC5GJXUTBGOQ/#GVBFEKJA5J3I723SZEMOEC5GJXUTBGOQ E-Mail link for SUSE-SA:2011:006 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/D4LZZ3MZO5J623JA5TRPWFTPY7VAGNDI/#D4LZZ3MZO5J623JA5TRPWFTPY7VAGNDI E-Mail link for SUSE-SR:2010:019 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 java-1_4_2-ibm-1.4.2_sr13.10-0.4.1 java-1_4_2-ibm-1.4.2_sr13.6-1.6.1 java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.4.1 java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.4.1 java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.4.1 java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.4.1 java-1_6_0-ibm java-1_6_0-ibm-1.6.0_sr13.1-0.9.1 java-1_6_0-ibm-1.6.0_sr16.1-5.9 java-1_6_0-ibm-1.6.0_sr9.0-0.2.1 java-1_6_0-ibm-1.6.0_sr9.3-0.4.1 java-1_6_0-ibm-alsa-1.6.0_sr13.1-0.9.1 java-1_6_0-ibm-alsa-1.6.0_sr16.0-0.3.1 java-1_6_0-ibm-alsa-1.6.0_sr9.3-0.4.1 java-1_6_0-ibm-fonts java-1_6_0-ibm-fonts-1.6.0_sr13.1-0.9.1 java-1_6_0-ibm-fonts-1.6.0_sr16.1-5.9 java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1 java-1_6_0-ibm-fonts-1.6.0_sr9.3-0.4.1 java-1_6_0-ibm-jdbc java-1_6_0-ibm-jdbc-1.6.0_sr13.1-0.9.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.1-5.9 java-1_6_0-ibm-jdbc-1.6.0_sr9.0-0.2.1 java-1_6_0-ibm-jdbc-1.6.0_sr9.3-0.4.1 java-1_6_0-ibm-plugin java-1_6_0-ibm-plugin-1.6.0_sr13.1-0.9.1 java-1_6_0-ibm-plugin-1.6.0_sr16.1-5.9 java-1_6_0-ibm-plugin-1.6.0_sr9.0-0.2.1 java-1_6_0-ibm-plugin-1.6.0_sr9.3-0.4.1 java-1_6_0-ibm-1.6.0_sr16.1-5.9 as a component of SUSE Linux Enterprise Module for Legacy 12 java-1_6_0-ibm-fonts-1.6.0_sr16.1-5.9 as a component of SUSE Linux Enterprise Module for Legacy 12 java-1_6_0-ibm-jdbc-1.6.0_sr16.1-5.9 as a component of SUSE Linux Enterprise Module for Legacy 12 java-1_6_0-ibm-plugin-1.6.0_sr16.1-5.9 as a component of SUSE Linux Enterprise Module for Legacy 12 java-1_4_2-ibm-1.4.2_sr13.6-1.6.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.4.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.4.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA java-1_6_0-ibm-1.6.0_sr9.0-0.2.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA java-1_6_0-ibm-alsa-1.6.0_sr16.0-0.3.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA java-1_6_0-ibm-jdbc-1.6.0_sr9.0-0.2.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA java-1_6_0-ibm-plugin-1.6.0_sr9.0-0.2.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA java-1_4_2-ibm-1.4.2_sr13.10-0.4.1 as a component of SUSE Linux Enterprise Server 11 SP2 java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.4.1 as a component of SUSE Linux Enterprise Server 11 SP2 java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.4.1 as a component of SUSE Linux Enterprise Server 11 SP2 java-1_6_0-ibm-1.6.0_sr9.3-0.4.1 as a component of SUSE Linux Enterprise Server 11 SP2 java-1_6_0-ibm-alsa-1.6.0_sr9.3-0.4.1 as a component of SUSE Linux Enterprise Server 11 SP2 java-1_6_0-ibm-fonts-1.6.0_sr9.3-0.4.1 as a component of SUSE Linux Enterprise Server 11 SP2 java-1_6_0-ibm-jdbc-1.6.0_sr9.3-0.4.1 as a component of SUSE Linux Enterprise Server 11 SP2 java-1_6_0-ibm-plugin-1.6.0_sr9.3-0.4.1 as a component of SUSE Linux Enterprise Server 11 SP2 java-1_6_0-ibm-1.6.0_sr13.1-0.9.1 as a component of SUSE Linux Enterprise Server 11 SP3 java-1_6_0-ibm-alsa-1.6.0_sr13.1-0.9.1 as a component of SUSE Linux Enterprise Server 11 SP3 java-1_6_0-ibm-fonts-1.6.0_sr13.1-0.9.1 as a component of SUSE Linux Enterprise Server 11 SP3 java-1_6_0-ibm-jdbc-1.6.0_sr13.1-0.9.1 as a component of SUSE Linux Enterprise Server 11 SP3 java-1_6_0-ibm-plugin-1.6.0_sr13.1-0.9.1 as a component of SUSE Linux Enterprise Server 11 SP3 java-1_6_0-ibm as a component of SUSE Linux Enterprise Module for Legacy 12 java-1_6_0-ibm-fonts as a component of SUSE Linux Enterprise Module for Legacy 12 java-1_6_0-ibm-jdbc as a component of SUSE Linux Enterprise Module for Legacy 12 java-1_6_0-ibm-plugin as a component of SUSE Linux Enterprise Module for Legacy 12 Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. CVE-2010-3541 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.1-5.9 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.1-5.9 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.1-5.9 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.1-5.9 SUSE Linux Enterprise Server 11 SP1-TERADATA:java-1_4_2-ibm-1.4.2_sr13.6-1.6.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.4.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.4.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:java-1_6_0-ibm-1.6.0_sr9.0-0.2.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:java-1_6_0-ibm-alsa-1.6.0_sr16.0-0.3.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:java-1_6_0-ibm-fonts-1.6.0_sr9.0-0.2.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:java-1_6_0-ibm-jdbc-1.6.0_sr9.0-0.2.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:java-1_6_0-ibm-plugin-1.6.0_sr9.0-0.2.1 SUSE Linux Enterprise Server 11 SP2:java-1_4_2-ibm-1.4.2_sr13.10-0.4.1 SUSE Linux Enterprise Server 11 SP2:java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.4.1 SUSE Linux Enterprise Server 11 SP2:java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.4.1 SUSE Linux Enterprise Server 11 SP2:java-1_6_0-ibm-1.6.0_sr9.3-0.4.1 SUSE Linux Enterprise Server 11 SP2:java-1_6_0-ibm-alsa-1.6.0_sr9.3-0.4.1 SUSE Linux Enterprise Server 11 SP2:java-1_6_0-ibm-fonts-1.6.0_sr9.3-0.4.1 SUSE Linux Enterprise Server 11 SP2:java-1_6_0-ibm-jdbc-1.6.0_sr9.3-0.4.1 SUSE Linux Enterprise Server 11 SP2:java-1_6_0-ibm-plugin-1.6.0_sr9.3-0.4.1 SUSE Linux Enterprise Server 11 SP3:java-1_6_0-ibm-1.6.0_sr13.1-0.9.1 SUSE Linux Enterprise Server 11 SP3:java-1_6_0-ibm-alsa-1.6.0_sr13.1-0.9.1 SUSE Linux Enterprise Server 11 SP3:java-1_6_0-ibm-fonts-1.6.0_sr13.1-0.9.1 SUSE Linux Enterprise Server 11 SP3:java-1_6_0-ibm-jdbc-1.6.0_sr13.1-0.9.1 SUSE Linux Enterprise Server 11 SP3:java-1_6_0-ibm-plugin-1.6.0_sr13.1-0.9.1 critical 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P