Unrated severityNVD Advisory· Published Jan 13, 2010· Updated Apr 23, 2026

CVE-2010-0067

Description

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to compromise confidentiality.

Vulnerability

CVE-2010-0067 is an unspecified vulnerability in the Oracle Containers for J2EE component of Oracle Application Server. The affected versions are Oracle Application Server 10.1.2.3.0 and 10.1.3.4.0 [1]. The vulnerability can be exploited by remote attackers without authentication, according to the official description.

Exploitation

A remote attacker can exploit this vulnerability via unknown vectors, as the specifics have not been disclosed by Oracle [1]. No authentication is required, and the attack can be launched over a network. The exploitation details have not been publicly released.

Impact

Successful exploitation of this vulnerability leads to a compromise of confidentiality, potentially allowing an attacker to access sensitive information [1]. The exact scope and nature of the information disclosure are unknown due to the lack of public details.

Mitigation

Oracle addressed this vulnerability in the January 2010 Critical Patch Update. The fix is included in the patch releases for Oracle Application Server 10.1.2.3.0 and 10.1.3.4.0 [1]. Administrators should apply the appropriate patches from Oracle as soon as possible. No workarounds have been provided by the vendor.

References

Oracle Updates for Multiple Vulnerabilities | CISA

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Oracle Corporation/Application Server2 versions
cpe:2.3:a:oracle:application_server:10.1.2.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:application_server:10.1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:10.1.3.4:*:*:*:*:*:*:*
Orionserver/Orion Application Serverllm-fuzzy
Range: 10.1.2.3, 10.1.3.4
Oracle Corporation/Oracle Containers for J2EEllm-fuzzy
Range: 10.1.2.3, 10.1.3.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/cas/techalerts/TA10-012A.htmlnvdUS Government Resource
www.oracle.com/technetwork/topics/security/cpujan2010-084891.htmlnvd
www.securitytracker.com/idnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000