VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 17, 2011· Updated Apr 29, 2026

CVE-2010-4448

CVE-2010-4448

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unspecified networking vulnerability in Oracle Java SE and Java for Business allows untrusted applets to affect integrity, possibly via DNS cache poisoning.

Vulnerability

CVE-2010-4448 is an unspecified vulnerability in the Networking component of the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business. Affected versions include 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier. The vulnerability can be triggered by remote untrusted Java Web Start applications and untrusted Java applets. While the exact nature is undisclosed, a downstream vendor has claimed it involves DNS cache poisoning by untrusted applets [1][2][3][4].

Exploitation

An attacker can exploit this vulnerability by delivering a malicious Java applet or Java Web Start application to a victim. No authentication is required, but the victim must run the untrusted code in a vulnerable JRE. The attack vector is network-based, and the specific steps are not publicly detailed; however, the downstream vendor's claim suggests the attacker may craft a malicious applet that performs DNS cache poisoning, potentially redirecting network traffic.

Impact

Successful exploitation affects the integrity of the system. According to the vendor, the impact is on integrity, and the downstream vendor's claim indicates that DNS cache poisoning could allow an attacker to redirect network connections to malicious hosts, leading to further compromise such as information disclosure or unauthorized modification of data.

Mitigation

Oracle released fixes in the February 2011 Critical Patch Update. Users should upgrade to Java SE 6 Update 24 or later, Java SE 5.0 Update 28 or later, and Java SE 1.4.2_30 or later. HP and Hitachi have also issued patches for their products that bundle the affected JRE [1][2][3][4]. As a workaround, disable Java applets and Web Start in the browser or system if not required.

References
  1. '[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JD'
  2. Software Vulnerability Information: Software: Hitachi
  3. '[security bulletin] HPSBMU02797 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.1x Running JD'
  4. '[security bulletin] HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial'

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

163
  • Sun Corporation/Jdk51 versions
    cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*+ 50 more
    • cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:*:update_23:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:jdk:*:update27:*:*:*:*:*:*range: <=1.5.0
  • Sun Corporation/Jre80 versions
    cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*+ 79 more
    • cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*range: <=1.4.2_29
    • cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:*:update_23:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:jre:*:update27:*:*:*:*:*:*range: <=1.5.0
  • Sun Corporation/Sdk30 versions
    cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*range: <=1.4.2_29
    • cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
  • Sun Corporation/Java Sellm-fuzzy
    Range: <=6 Update 23, <=5.0 Update 27, <=1.4.2_29
  • Oracle Corporation/Java for Businessllm-fuzzy
    Range: <=6 Update 23, <=5.0 Update 27, <=1.4.2_29

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

21

News mentions

0

No linked articles in our index yet.