CVE-2010-3564

Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail.  NOTE: the previous information was obtained from the October 2010 CPU.  Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM.  NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
oracleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
oraclesun_products_suite
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
natty
not-affected
maverick
Fixed 6b20-1.9.1-1ubuntu3
released
lucid
Fixed 1.8.2-4ubuntu2
released
karmic
Fixed 1.8.2-4ubuntu1~9.10.1
released
jaunty
Fixed 1.8.2-4ubuntu1~9.04.1
released
hardy
Fixed 1.8.2-4ubuntu1~8.04.1
released
dapper
dne
openjdk-6b18
natty
not-affected
maverick
Fixed 6b18-1.8.2-4ubuntu1
released
lucid
not-affected
karmic
not-affected
intrepid
dne
hardy
dne
dapper
dne
sun-java5
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
ignored
hardy
ignored
dapper
ignored
sun-java6
natty
Fixed 6.22-0ubuntu1~10.10
released
maverick
Fixed 6.22-0ubuntu1~10.10
released
lucid
Fixed 6.22-0ubuntu1~10.04
released
karmic
Fixed 6.22-0ubuntu1~9.10.1
released
jaunty
Fixed 6.22-0ubuntu1~9.04.1
released
hardy
Fixed 6.22-0ubuntu1~8.04.1
released
dapper
dne
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
http://secunia.com/advisories/41972
http://secunia.com/advisories/42377
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.avaya.com/css/P8/documents/100114327
http://support.avaya.com/css/P8/documents/100123193
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.redhat.com/support/errata/RHSA-2010-0768.html
http://www.redhat.com/support/errata/RHSA-2010-0865.html
http://www.securityfocus.com/bid/43963
http://www.ubuntu.com/usn/USN-1010-1
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
http://www.vupen.com/english/advisories/2010/3086
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12398
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
http://secunia.com/advisories/41972
http://secunia.com/advisories/42377
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.avaya.com/css/P8/documents/100114327
http://support.avaya.com/css/P8/documents/100123193
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.redhat.com/support/errata/RHSA-2010-0768.html
http://www.redhat.com/support/errata/RHSA-2010-0865.html
http://www.securityfocus.com/bid/43963
http://www.ubuntu.com/usn/USN-1010-1
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
http://www.vupen.com/english/advisories/2010/3086
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12398