CVE-2010-3563
Oracle Java SE/Jav for Bus <6 Update 21 - Info Disclosure
Title source: llmDescription
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16495
metasploit
WORKING POC
EXCELLENT
by Matthias Kaiser, egypt · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/java_basicservice_impl.rb
References (14)
Scores
EPSS
0.8876
EPSS Percentile
99.5%
Details
Status
published
Products (4)
sun/jdk
1.6.0 (20 CPE variants)
sun/jdk
< 1.6.0
sun/jre
1.6.0 (19 CPE variants)
sun/jre
< 1.6.0
Published
Oct 19, 2010
Tracked Since
Feb 18, 2026