VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 19, 2010· Updated Apr 29, 2026

CVE-2010-3573

CVE-2010-3573

Description

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unspecified vulnerability in Oracle Java SE Networking component allows remote attackers to bypass security policy via missing validation of request headers in HttpURLConnection.

Vulnerability

The vulnerability resides in the Networking component of Oracle Java SE and Java for Business, specifically in the HttpURLConnection class. When applets set request headers, the class fails to properly validate them, allowing a remote attacker to bypass the intended security policy [4]. Affected versions include Java SE 6 Update 21 and Java SE 5.0 Update 25.

Exploitation

An attacker can exploit this vulnerability by hosting a malicious applet that sets crafted request headers via HttpURLConnection. No authentication is required; the attacker only needs to lure a user into running the applet in a vulnerable Java environment. The missing validation of these headers enables the applet to perform actions that should be restricted by the Java security sandbox.

Impact

Successful exploitation allows the attacker to affect the confidentiality, integrity, and availability of the system. By bypassing the security policy, the attacker can make unauthorized network requests, potentially leading to information disclosure, data modification, or denial of service.

Mitigation

Oracle addressed this vulnerability in the October 2010 Critical Patch Update. Users should upgrade to Java SE 6 Update 22 or later, or Java SE 5.0 Update 26 or later [4]. No workaround is documented in the available references.

References
  1. ASA-2010-307 (RHSA-2010-0770)

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

95
  • Sun Corporation/Jdk47 versions
    cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*+ 46 more
    • cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:*:update_21:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:jdk:*:update25:*:*:*:*:*:*range: <=1.5.0
  • Sun Corporation/Jre46 versions
    cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*+ 45 more
    • cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:jre:*:update25:*:*:*:*:*:*range: <=1.5.0
  • Sun Corporation/Java Sellm-fuzzy
    Range: 6 Update 21, 5.0 Update 25
  • Oracle Corporation/Java for Businessllm-fuzzy
    Range: 6 Update 21, 5.0 Update 25

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

29

News mentions

0

No linked articles in our index yet.