VIR Vulnerability Intelligence Relay

CVE-2010-3541

medium
Published 2010-10-19 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.1

Description

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
sunjre{"endIncluding":"1.6.0"}
sunjre1.6.0
sunjdk{"endIncluding":"1.6.0"}
sunjdk1.6.0
sunjdk1.5.0
sunsdk{"endIncluding":"1.4.2_27"}
sunsdk1.4.2
sunsdk1.4.2_1
sunsdk1.4.2_02
sunsdk1.4.2_3
sunsdk1.4.2_4
sunsdk1.4.2_5
sunsdk1.4.2_6
sunsdk1.4.2_7
sunsdk1.4.2_8
sunsdk1.4.2_9
sunsdk1.4.2_10
sunsdk1.4.2_11
sunsdk1.4.2_12
sunsdk1.4.2_13
sunsdk1.4.2_14
sunsdk1.4.2_15
sunsdk1.4.2_16
sunsdk1.4.2_17
sunsdk1.4.2_18
sunsdk1.4.2_19
sunsdk1.4.2_20
sunsdk1.4.2_21
sunsdk1.4.2_22
sunsdk1.4.2_23
sunsdk1.4.2_24
sunsdk1.4.2_25
sunsdk1.4.2_26
sunjre1.5.0
sunjre1.4.2
sunjre1.4.2_1
sunjre1.4.2_2
sunjre1.4.2_3
sunjre1.4.2_4
sunjre1.4.2_5
sunjre1.4.2_6
sunjre1.4.2_7
sunjre1.4.2_8
sunjre1.4.2_9
sunjre1.4.2_10
sunjre1.4.2_11
sunjre1.4.2_12
sunjre1.4.2_13
sunjre1.4.2_14
sunjre1.4.2_15
sunjre1.4.2_16
sunjre1.4.2_17
sunjre1.4.2_18
sunjre1.4.2_19
sunjre1.4.2_20
sunjre1.4.2_21
sunjre1.4.2_22
sunjre1.4.2_23
sunjre1.4.2_24
sunjre1.4.2_25
sunjre1.4.2_26
sunjdk1.3.0
sunjdk1.3.0_01
sunjdk1.3.0_02
sunjdk1.3.0_03
sunjdk1.3.0_04
sunjdk1.3.0_05
sunjdk1.3.1
sunjdk1.3.1_01
sunjdk1.3.1_01a
sunjdk1.3.1_02
sunjdk1.3.1_03
sunjdk1.3.1_04
sunjdk1.3.1_05
sunjdk1.3.1_06
sunjdk1.3.1_07
sunjdk1.3.1_08
sunjdk1.3.1_09
sunjdk1.3.1_10
sunjdk1.3.1_11
sunjdk1.3.1_12
sunjdk1.3.1_13
sunjdk1.3.1_14
sunjdk1.3.1_15
sunjdk1.3.1_16
sunjdk1.3.1_17
sunjdk1.3.1_18
sunjdk1.3.1_19
sunjdk1.3.1_20
sunjdk1.3.1_21
sunjdk1.3.1_22
sunjdk1.3.1_23
sunjdk1.3.1_24
sunjdk1.3.1_25
sunjdk1.3.1_26
sunjdk1.3.1_27
sunjre1.3.0
sunjre1.3.1
sunjre1.3.1_2
sunjre1.3.1_03
sunjre1.3.1_04
sunjre1.3.1_05
sunjre1.3.1_06
sunjre1.3.1_07
sunjre1.3.1_08
sunjre1.3.1_09
sunjre1.3.1_10
sunjre1.3.1_11
sunjre1.3.1_12
sunjre1.3.1_13
sunjre1.3.1_14
sunjre1.3.1_15
sunjre1.3.1_16
sunjre1.3.1_17
sunjre1.3.1_18
sunjre1.3.1_19
sunjre1.3.1_20
sunjre1.3.1_21
sunjre1.3.1_22
sunjre1.3.1_23
sunjre1.3.1_24
sunjre1.3.1_25
sunjre1.3.1_26
sunjre1.3.1_27
sunsdk1.3.0
sunsdk1.3.0_01
sunsdk1.3.0_02
sunsdk1.3.0_03
sunsdk1.3.0_04
sunsdk1.3.0_05
sunsdk1.3.1
sunsdk1.3.1_01
sunsdk1.3.1_01a
sunsdk1.3.1_02
sunsdk1.3.1_03
sunsdk1.3.1_04
sunsdk1.3.1_05
sunsdk1.3.1_06
sunsdk1.3.1_07
sunsdk1.3.1_08
sunsdk1.3.1_09
sunsdk1.3.1_10
sunsdk1.3.1_11
sunsdk1.3.1_12
sunsdk1.3.1_13
sunsdk1.3.1_14
sunsdk1.3.1_15
sunsdk1.3.1_16
sunsdk1.3.1_17
sunsdk1.3.1_18
sunsdk1.3.1_19
sunsdk1.3.1_20
sunsdk1.3.1_21
sunsdk1.3.1_22
sunsdk1.3.1_23
sunsdk1.3.1_24
sunsdk1.3.1_25
sunsdk1.3.1_26
sunsdk1.3.1_27

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.