{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the \"XML DSig Transform or C14N algorithm implementations.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-21T18:57:01.000Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"}, {"name": "FEDORA-2011-1631", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"}, {"name": "GLSA-201406-32", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "HPSBMU02799", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"}, {"name": "46404", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46404"}, {"name": "FEDORA-2011-1645", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"}, {"name": "oval:org.mitre.oval:def:12903", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12903"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"}, {"name": "oval:org.mitre.oval:def:14118", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14118"}, {"name": "43350", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43350"}, {"name": "RHSA-2011:0282", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"}, {"name": "DSA-2224", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2224"}, {"name": "SSRT100867", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"}, {"name": "RHSA-2011:0281", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0281.html"}, {"name": "oracle-java-xml-dos(65411)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65411"}, {"name": "MDVSA-2011:054", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"}, {"name": "HPSBMU02797", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2010-4472", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the \"XML DSig Transform or C14N algorithm implementations.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html", "refsource": "CONFIRM", "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"}, {"name": "FEDORA-2011-1631", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"}, {"name": "GLSA-201406-32", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "HPSBMU02799", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"}, {"name": "46404", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46404"}, {"name": "FEDORA-2011-1645", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"}, {"name": "oval:org.mitre.oval:def:12903", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12903"}, {"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"}, {"name": "oval:org.mitre.oval:def:14118", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14118"}, {"name": "43350", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43350"}, {"name": "RHSA-2011:0282", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"}, {"name": "DSA-2224", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2224"}, {"name": "SSRT100867", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"}, {"name": "RHSA-2011:0281", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0281.html"}, {"name": "oracle-java-xml-dos(65411)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65411"}, {"name": "MDVSA-2011:054", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"}, {"name": "HPSBMU02797", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:43:14.961Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"}, {"name": "FEDORA-2011-1631", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"}, {"name": "GLSA-201406-32", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "HPSBMU02799", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"}, {"name": "46404", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46404"}, {"name": "FEDORA-2011-1645", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"}, {"name": "oval:org.mitre.oval:def:12903", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12903"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"}, {"name": "oval:org.mitre.oval:def:14118", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14118"}, {"name": "43350", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43350"}, {"name": "RHSA-2011:0282", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"}, {"name": "DSA-2224", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2224"}, {"name": "SSRT100867", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"}, {"name": "RHSA-2011:0281", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0281.html"}, {"name": "oracle-java-xml-dos(65411)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65411"}, {"name": "MDVSA-2011:054", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"}, {"name": "HPSBMU02797", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2010-4472", "datePublished": "2011-02-17T18:31:00.000Z", "dateReserved": "2010-12-06T00:00:00.000Z", "dateUpdated": "2024-08-07T03:43:14.961Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:jre:*:update_23:*:*:*:*:*:*", "matchCriteriaId": "0863352B-4389-466F-9240-90944DB1B932", "versionEndIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBCD143C-057D-4F42-B487-46801E14ACF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "matchCriteriaId": "0A0FEC28-0707-4F42-9740-78F3D2D551EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "matchCriteriaId": "C3C5879A-A608-4230-9DC1-C27F0F48A13B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "matchCriteriaId": "0C71089A-BDDE-41FC-9DF9-9AEF4C2374DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "matchCriteriaId": "2DBB6B73-8D6B-41FF-BEE0-E0C7F5F1EB41", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "matchCriteriaId": "12A3B254-8580-45DB-BDE4-5B5A29CBFFB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "matchCriteriaId": "1DB1DE6A-66AE-499B-AD92-9E6ACE474C6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "matchCriteriaId": "AADBB4F9-E43E-428B-9979-F47A15696C85", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "matchCriteriaId": "49260B94-05DE-4B78-9068-6F5F6BFDD19E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "matchCriteriaId": "C4FDE9EB-08FE-436E-A265-30E83B15DB23", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "matchCriteriaId": "BE409D5C-8F9F-4DE9-ACB7-0E0B813F6399", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "7158D2C0-E9AC-4CD6-B777-EA7B7A181997", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "matchCriteriaId": "B08C075B-9FC0-4381-A9E4-FFF0362BD308", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "matchCriteriaId": "F587E635-3A15-4186-B6A1-F99BE0A56820", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "matchCriteriaId": "188D2242-7D16-4F8E-AB61-4663804AAC17", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "90EC6C13-4B37-48E5-8199-A702A944D5A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "2528152C-E20A-4D97-931C-A5EC3CEAA06D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "A99DAB4C-272B-4C91-BC70-7729E1152590", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "matchCriteriaId": "30DFC10A-A4D9-4F89-B17C-AB9260087D29", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "matchCriteriaId": "272A5C44-18EC-41A9-8233-E9D4D0734EA6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:jdk:*:update_23:*:*:*:*:*:*", "matchCriteriaId": "F647BC01-31B7-4FF9-B77B-FD4F5B3E708D", "versionEndIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3A4FEC7-A4A0-4B5C-A56C-8F80AE19865E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "matchCriteriaId": "722A93D8-B5BC-42F3-92A2-E424F61269A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "matchCriteriaId": "775F2611-F11C-4B84-8F40-0D034B81BF18", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "matchCriteriaId": "F20FDD9F-FF45-48BC-9207-54FB02E76071", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "matchCriteriaId": "9FA326F5-894A-4B01-BCA3-B126DA81CA59", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "matchCriteriaId": "228AB7B4-4BA4-43D4-B562-D438884DB152", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "matchCriteriaId": "AFD5C688-2103-4D60-979E-D9BE69A989C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "matchCriteriaId": "21421215-F722-4207-A2E5-E2DF4B29859B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "matchCriteriaId": "BFB9EA23-0EF7-4582-A265-3F5AA9EC81B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "matchCriteriaId": "C367B418-659E-4627-B1F1-1B1216C99055", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "matchCriteriaId": "CD5E6D4E-DDDD-4B45-B5E9-F8A916287AF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "matchCriteriaId": "7358492A-491C-491E-AEDF-63CB82619BAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "matchCriteriaId": "C3DACAAF-AFDC-4391-9E85-344F30937F76", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "matchCriteriaId": "ECEDE405-CEF6-4E52-A8AE-28B9274B2289", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "D98175BF-B084-4FA5-899D-9E80DC3923EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "820632CE-F8DF-47EE-B716-7530E60008B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "FA2BD0A3-7B2D-447B-ABAC-7B867B03B632", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "matchCriteriaId": "D54AB785-E9B7-47BD-B756-0C3A629D67DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "matchCriteriaId": "E9412098-0353-4F7B-9245-010557E6C651", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "matchCriteriaId": "AD30DAEB-4893-41CF-A455-B69C463B9337", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "matchCriteriaId": "21D6CE7E-A036-496C-8E08-A87F62B5290A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "matchCriteriaId": "B8F93BBE-1E8C-4EB3-BCC7-20AB2D813F98", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the \"XML DSig Transform or C14N algorithm implementations.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores permite a atacantes remotos afectar la disponibilidad, relacionado con XML Digital Signature y APIs no especificadas. NOTA: la informaci\u00f3n previa fue obtenida de febrero 2011 CPU. Oracle no ha comentado sobre las alegaciones de un proveedor downstream de que este problema conlleva el reemplazo de \"implementaciones de algoritmos XML DSig Transform o C14N\"."}], "id": "CVE-2010-4472", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-02-17T19:00:01.747", "references": [{"source": "secalert_us@oracle.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"}, {"source": "secalert_us@oracle.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"}, {"source": "secalert_us@oracle.com", "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"}, {"source": "secalert_us@oracle.com", "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"}, {"source": "secalert_us@oracle.com", "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43350"}, {"source": "secalert_us@oracle.com", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"source": "secalert_us@oracle.com", "url": "http://www.debian.org/security/2011/dsa-2224"}, {"source": "secalert_us@oracle.com", "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"}, {"source": "secalert_us@oracle.com", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"}, {"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0281.html"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/46404"}, {"source": "secalert_us@oracle.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65411"}, {"source": "secalert_us@oracle.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12903"}, {"source": "secalert_us@oracle.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43350"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0281.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46404"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65411"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12903"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14118"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0282", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.6.0-sun-1:1.6.0.24-1jpp.1.el4", "product_name": "Extras for RHEL 4", "release_date": "2011-02-17T00:00:00Z"}, {"advisory": "RHSA-2011:0281", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.6.0-openjdk-1:1.6.0.0-1.20.b17.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-02-17T00:00:00Z"}, {"advisory": "RHSA-2011:0281", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.6.0-openjdk-1:1.6.0.0-1.39.b17.el6_0", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-02-17T00:00:00Z"}, {"advisory": "RHSA-2011:0282", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-sun-1:1.6.0.24-1jpp.1.el6", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2011-02-17T00:00:00Z"}, {"advisory": "RHSA-2011:0282", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-sun-1:1.6.0.24-1jpp.1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2011-02-17T00:00:00Z"}], "bugzilla": {"description": "OpenJDK untrusted code allowed to replace DSIG/C14N implementation (6994263)", "id": "675942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675942"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the \"XML DSig Transform or C14N algorithm implementations.\""], "name": "CVE-2010-4472", "public_date": "2011-02-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-4472\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4472"], "threat_severity": "Low"}

{}