VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 19, 2010· Updated Apr 29, 2026

CVE-2010-3561

CVE-2010-3561

Description

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unspecified vulnerability in Oracle Java SE CORBA component allows remote attackers to bypass network restrictions via ServerSocket accept method.

Vulnerability

The vulnerability resides in the CORBA component of Oracle Java SE and Java for Business versions 6 Update 21 and 5.0 Update 25 [4]. The issue involves the privileged accept method in the ServerSocket class, which does not restrict which hosts can connect, allowing remote attackers to bypass intended network access restrictions [3].

Exploitation

An attacker with network access to a system running the vulnerable Java version can exploit this by sending a specially crafted CORBA request. The lack of host restrictions in the ServerSocket accept method allows the attacker to bypass network access controls without authentication [3].

Impact

Successful exploitation can lead to remote unauthorized information disclosure, modification, and denial of service (DoS) [1][2]. The attacker may gain the ability to execute arbitrary code with the privileges of the Java process, potentially leading to full system compromise.

Mitigation

Oracle addressed this vulnerability in the October 2010 Critical Patch Update. Users should upgrade to Java SE 6 Update 22 or later, or Java SE 5.0 Update 26 or later [4]. Affected products from VMware, HP, and Hitachi have also released patched versions [1][2][4].

References
  1. Support Content Notification - Support Portal - Broadcom support portal
  2. '[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JD'
  3. ASA-2010-308 (RHSA-2010-0768)
  4. Cosminexusにおける複数の脆弱性:ソフトウェア製品セキュリティ情報:ソフトウェア:日立

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

95
  • Sun Corporation/Jdk47 versions
    cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*+ 46 more
    • cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:*:update_21:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:jdk:*:update25:*:*:*:*:*:*range: <=1.5.0
  • Sun Corporation/Jre46 versions
    cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*+ 45 more
    • cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:jre:*:update25:*:*:*:*:*:*range: <=1.5.0
  • Sun Corporation/Java Sellm-fuzzy
    Range: =6 Update 21, =5.0 Update 25
  • Oracle Corporation/Java for Businessllm-fuzzy
    Range: =6 Update 21, =5.0 Update 25

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

27

News mentions

0

No linked articles in our index yet.