CVE-2010-0840

9.8 CRITICAL CISA KEV - Actively Exploited
Published: April 01, 2010 Modified: October 22, 2025
View on NVD

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
Source: secalert_us@oracle.com
Broken Link
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
Source: secalert_us@oracle.com
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
Source: secalert_us@oracle.com
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
Source: secalert_us@oracle.com
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Source: secalert_us@oracle.com
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Source: secalert_us@oracle.com
Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=127557596201693&w=2
Source: secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: secalert_us@oracle.com
Mailing List
http://secunia.com/advisories/39292
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://secunia.com/advisories/39317
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://secunia.com/advisories/39659
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://secunia.com/advisories/39819
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://secunia.com/advisories/40211
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://secunia.com/advisories/40545
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://secunia.com/advisories/43308
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://support.apple.com/kb/HT4170
Source: secalert_us@oracle.com
Release Notes Third Party Advisory
http://support.apple.com/kb/HT4171
Source: secalert_us@oracle.com
Release Notes Third Party Advisory
http://ubuntu.com/usn/usn-923-1
Source: secalert_us@oracle.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
Source: secalert_us@oracle.com
Broken Link
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Source: secalert_us@oracle.com
Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
Source: secalert_us@oracle.com
Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0337.html
Source: secalert_us@oracle.com
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0338.html
Source: secalert_us@oracle.com
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0339.html
Source: secalert_us@oracle.com
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0383.html
Source: secalert_us@oracle.com
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0471.html
Source: secalert_us@oracle.com
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0489.html
Source: secalert_us@oracle.com
Broken Link
http://www.securityfocus.com/archive/1/510528/100/0/threaded
Source: secalert_us@oracle.com
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Source: secalert_us@oracle.com
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/39065
Source: secalert_us@oracle.com
Broken Link Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Source: secalert_us@oracle.com
Third Party Advisory
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
Source: secalert_us@oracle.com
Release Notes
http://www.vupen.com/english/advisories/2010/1107
Source: secalert_us@oracle.com
Broken Link
http://www.vupen.com/english/advisories/2010/1191
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1454
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1523
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1793
Source: secalert_us@oracle.com
Broken Link Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-056
Source: secalert_us@oracle.com
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13971
Source: secalert_us@oracle.com
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9974
Source: secalert_us@oracle.com
Broken Link
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=127557596201693&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://secunia.com/advisories/39292
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/39317
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/39659
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/39819
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/40211
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/40545
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/43308
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://support.apple.com/kb/HT4170
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes Third Party Advisory
http://support.apple.com/kb/HT4171
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes Third Party Advisory
http://ubuntu.com/usn/usn-923-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0337.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0338.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0339.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0383.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0471.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0489.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/archive/1/510528/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/39065
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
http://www.vupen.com/english/advisories/2010/1107
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2010/1191
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1454
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1523
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/1793
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-056
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13971
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9974
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0840
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

81 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
92.2%
100th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-06-15

Affected Vendors

oracle canonical opensuse