Unrated severityNVD Advisory· Published Apr 1, 2010· Updated Apr 29, 2026

CVE-2010-0090

Description

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Oracle Java SE and Java for Business 6 Update 18 Java Web Start and Plug-in component vulnerability allowing remote attacks on integrity and availability.

Vulnerability

An unspecified vulnerability exists in the Java Web Start and Java Plug-in components of Oracle Java SE and Java for Business 6 Update 18 [2][3]. The vulnerability is present when untrusted Java applets or Java Web Start applications are executed within a browser or standalone environment [1][4]. Affected versions include Oracle Java SE 6 Update 18 [2][3].

Exploitation

A remote attacker can trigger the vulnerability by convincing a user to visit a malicious website hosting a crafted Java applet or by launching a malicious Java Web Start application [2][3]. No authentication is required and user interaction is limited to accepting the applet or clicking a link [2][4]. The exact attack vector is not disclosed in available sources but involves unspecified manipulation of the Java Plug-in or Web Start components [1][2].

Impact

Successful exploitation allows an attacker to affect the integrity and availability of the system [2][3]. This could lead to modification of data or denial of service conditions under the privileges of the user running the vulnerable Java software [2][4]. The confidentiality impact is not mentioned in available references, indicating the primary risks are data tampering and service disruption [2][3].

Mitigation

No specific patch for this CVE is mentioned in the references [2][3]; however, Oracle issued multiple security updates for Java in later releases. Users should upgrade to a version later than Java SE 6 Update 18 [4]. Red Hat provided RHSA-2010:0337 addressing this issue [4]. Apply the latest Java update from Oracle or the vendor-specific patch as applicable [2][4].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Sun Corporation/Jdk18 versions
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:*:update_18:*:*:*:*:*:*range: <=1.6.0
Sun Corporation/Jre17 versions
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_18:*:*:*:*:*:*range: <=1.6.0
Sun Corporation/Java Sellm-fuzzy
Range: 6 Update 18
Oracle Corporation/Java for Businessllm-fuzzy
Range: 6 Update 18

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/39317nvdVendor Advisory
secunia.com/advisories/39659nvdVendor Advisory
secunia.com/advisories/39819nvdVendor Advisory
secunia.com/advisories/40545nvdVendor Advisory
secunia.com/advisories/43308nvdVendor Advisory
www.vupen.com/english/advisories/2010/1191nvdVendor Advisory
www.vupen.com/english/advisories/2010/1454nvdVendor Advisory
www.vupen.com/english/advisories/2010/1793nvdVendor Advisory
itrc.hp.com/service/cki/docDisplay.donvd
lists.apple.com/archives/security-announce/2010//May/msg00001.htmlnvd
lists.apple.com/archives/security-announce/2010//May/msg00002.htmlnvd
lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.htmlnvd
marc.infonvd
support.apple.com/kb/HT4170nvd
support.apple.com/kb/HT4171nvd
www.oracle.com/technetwork/topics/security/javacpumar2010-083341.htmlnvd
www.redhat.com/support/errata/RHSA-2010-0337.htmlnvd
www.redhat.com/support/errata/RHSA-2010-0383.htmlnvd
www.redhat.com/support/errata/RHSA-2010-0471.htmlnvd
www.securityfocus.com/archive/1/516397/100/0/threadednvd
www.vmware.com/security/advisories/VMSA-2011-0003.htmlnvd
www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlnvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14237nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000