CVE-2010-0840 on CISA KEV
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information
CISA KEV — Actively Exploited
Oracle JRE Unspecified Vulnerability
Vendor / Product
— / Oracle / Java Runtime Environment (JRE)
CVSS / EPSS
— — · EPSS 92.08%
01What CISA says about this vulnerability
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is…
02Required action — verbatim from CISA
Apply updates per vendor instructions.
03Notes & references
- lists.apple.com — http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
- marc.info — http://marc.info/?l=bugtraq&m=134254866602253&w=2
- www.securityfocus.com — http://www.securityfocus.com/archive/1/510528/100/0/threaded
- secunia.com — http://secunia.com/advisories/39317
- www.redhat.com — http://www.redhat.com/support/errata/RHSA-2010-0383.html
- secunia.com — http://secunia.com/advisories/40545
- www.vupen.com — http://www.vupen.com/english/advisories/2010/1454
- oval.cisecurity.org — https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3…
- secunia.com — http://secunia.com/advisories/39819
- www.vupen.com — http://www.vupen.com/english/advisories/2010/1107
- www.redhat.com — http://www.redhat.com/support/errata/RHSA-2010-0338.html
- www.vupen.com — http://www.vupen.com/english/advisories/2010/1793
- lists.apple.com — http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
- lists.opensuse.org — http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
- secunia.com — http://secunia.com/advisories/43308
- www.oracle.com — http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
- itrc.hp.com — http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
- marc.info — http://marc.info/?l=bugtraq&m=127557596201693&w=2
- www.oracle.com — http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
- www.redhat.com — http://www.redhat.com/support/errata/RHSA-2010-0339.html
- marc.info — http://marc.info/?l=bugtraq&m=127557596201693&w=2
- secunia.com — http://secunia.com/advisories/39292
- support.apple.com — http://support.apple.com/kb/HT4170
- www.vupen.com — http://www.vupen.com/english/advisories/2010/1523
- www.vmware.com — http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
- www.securityfocus.com — http://www.securityfocus.com/bid/39065
- lists.opensuse.org — http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
- secunia.com — http://secunia.com/advisories/39659
- www.redhat.com — http://www.redhat.com/support/errata/RHSA-2010-0471.html
- lists.opensuse.org — http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
04SARA's analyst layer — why this matters
This vulnerability is currently on the CISA KEV list, which CISA only adds CVEs to when there is reliable evidence of active exploitation in the wild. For federal civilian agencies, BOD 22-01 requires remediation by the due date above. For everyone else, KEV is the strongest "patch immediately" signal you can get from public threat intel.
05Affected products (summary)
| Vendor | Product | Versions |
|---|
| n | a / n/a | n/a |
06Detection
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection:
Open in Sigma generator →