CVE-2010-4472

Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 17 Feb 2011, 18:31
Last modified:07 Aug 2024, 03:43

Vulnerability Summary

Overall Risk (default)
low
12/100
CVSS Score
2.6 LOW
v2.0 (nvd)
EPSS Score
6.95% LOW
7% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

17 Feb 2011, 18:31
Published
Vulnerability first disclosed
07 Aug 2024, 03:43
Last Modified
Vulnerability information updated

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."

CVSS Metrics

  • v2.0LOWScore: 2.6AV:N/AC:H/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 6.95% Percentile: 92%

Affected Systems

  • sunjdk

    ≤ 1.6.0 | 1.6.0 | 1.6.0:update_10 | 1.6.0:update_11 | 1.6.0:update_12 | 1.6.0:update_13 | 1.6.0:update_14 | 1.6.0:update_15 | 1.6.0:update_16 | 1.6.0:update_17 | 1.6.0:update_18 | 1.6.0:update_19 | 1.6.0:update_20 | 1.6.0:update_21 | 1.6.0:update_22 | 1.6.0:update_3 | 1.6.0:update_4 | 1.6.0:update_5 | 1.6.0:update_6 | 1.6.0:update_7 | 1.6.0:update1 | 1.6.0:update1_b06 | 1.6.0:update2

  • sunjre

    ≤ 1.6.0 | 1.6.0 | 1.6.0:update_1 | 1.6.0:update_10 | 1.6.0:update_11 | 1.6.0:update_12 | 1.6.0:update_13 | 1.6.0:update_14 | 1.6.0:update_15 | 1.6.0:update_16 | 1.6.0:update_17 | 1.6.0:update_18 | 1.6.0:update_19 | 1.6.0:update_2 | 1.6.0:update_20 | 1.6.0:update_21 | 1.6.0:update_22 | 1.6.0:update_3 | 1.6.0:update_4 | 1.6.0:update_5 | 1.6.0:update_6 | 1.6.0:update_7

References (17)