CVE-2010-3564

{"id": "CVE-2010-3564", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-10-14T18:00:17.837", "references": [{"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748", "source": "secalert_us@oracle.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/41972", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/42377", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "source": "secalert_us@oracle.com"}, {"url": "http://support.avaya.com/css/P8/documents/100114327", "source": "secalert_us@oracle.com"}, {"url": "http://support.avaya.com/css/P8/documents/100123193", "source": "secalert_us@oracle.com"}, {"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/43963", "source": "secalert_us@oracle.com"}, {"url": "http://www.ubuntu.com/usn/USN-1010-1", "source": "secalert_us@oracle.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html", "tags": ["US Government Resource"], "source": "secalert_us@oracle.com"}, {"url": "http://www.vupen.com/english/advisories/2010/3086", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12398", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that the Kerberos implementation does not properly check AP-REQ requests, which allows attackers to cause a denial of service in the JVM. NOTE: CVE has not investigated the apparent discrepancy between the two vendors regarding the consequences of this issue."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el componente Oracle Communications Messaging Server (Sun Java System Messaging Server) en Sun Products Suite de Oracle versi\u00f3n 7.0, permite a los atacantes remotos afectar a la confidencialidad e integridad por medio de vectores desconocidos relacionados con Webmail. NOTA: la informaci\u00f3n anterior fue obtenida de la CPU en octubre de 2010. Oracle no ha comentado las afirmaciones de un proveedor aguas abajo confiable de que la implementaci\u00f3n de Kerberos no comprueba apropiadamente las peticiones AP-REQ, lo que permite a los atacantes causar una denegaci\u00f3n de servicio en la JVM. NOTA: CVE no ha investigado la aparente discrepancia entre los dos proveedores con respecto a las consecuencias de este problema."}], "lastModified": "2017-09-19T01:31:26.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:sun_products_suite:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "254C5676-E34D-432F-8BF9-F4FE0956ED1E"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}