Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/178372?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178372?format=api", "vulnerability_id": "VCID-g1wu-uzuv-fbdt", "summary": "Multiple vulnerabilities have been found in the Oracle JRE/JDK,\n allowing attackers to cause unspecified impact.", "aliases": [ { "alias": "CVE-2010-3552" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/3576?format=api", "purl": "pkg:ebuild/app-emulation/emul-linux-x86-java@1.6.0.29", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/emul-linux-x86-java@1.6.0.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/3577?format=api", "purl": "pkg:ebuild/dev-java/sun-jdk@1.6.0.29", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-java/sun-jdk@1.6.0.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/3575?format=api", "purl": "pkg:ebuild/dev-java/sun-jre-bin@1.6.0.29", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-java/sun-jre-bin@1.6.0.29" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/368401?format=api", "purl": "pkg:rpm/redhat/java-1.6.0-sun@1:1.6.0.22-1jpp.1?arch=el4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zce-ccvb-qffk" }, { "vulnerability": "VCID-3um7-bhp7-hqbe" }, { "vulnerability": "VCID-64zd-uyfm-f3cr" }, { "vulnerability": "VCID-7u2w-duqd-9fab" }, { "vulnerability": "VCID-eg75-7nhb-1bd6" }, { "vulnerability": "VCID-f9p6-pf4z-w7eu" }, { "vulnerability": "VCID-g1wu-uzuv-fbdt" }, { "vulnerability": "VCID-hmz9-w1bx-vkg8" }, { "vulnerability": "VCID-jt8e-tzk1-guhk" }, { "vulnerability": "VCID-kbs4-5kqt-z7gy" }, { "vulnerability": "VCID-kgdg-wdk3-afgf" }, { "vulnerability": "VCID-kp8c-fgsp-4qgg" }, { "vulnerability": "VCID-n2dm-na4y-nyeg" 
}, { "vulnerability": "VCID-n4eq-q5ga-nucx" }, { "vulnerability": "VCID-nk79-z7qp-87ez" }, { "vulnerability": "VCID-p4te-vnq6-bfee" }, { "vulnerability": "VCID-qy19-mm4j-pkdw" }, { "vulnerability": "VCID-qzk4-tk6f-qkdc" }, { "vulnerability": "VCID-szz6-e2fg-jbhy" }, { "vulnerability": "VCID-t3et-y4mc-wude" }, { "vulnerability": "VCID-tpgq-bmxw-wbcc" }, { "vulnerability": "VCID-ttqq-7ccy-vqhx" }, { "vulnerability": "VCID-up3k-da4h-h7cb" }, { "vulnerability": "VCID-vax6-9rc7-2qe3" }, { "vulnerability": "VCID-vvzb-u4yd-fueg" }, { "vulnerability": "VCID-w4hp-sa3w-3qg1" }, { "vulnerability": "VCID-xnsc-n6vd-xkc1" }, { "vulnerability": "VCID-ye9j-3az2-tbag" }, { "vulnerability": "VCID-ysgy-uch6-efa3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.6.0-sun@1:1.6.0.22-1jpp.1%3Farch=el4" }, { "url": "http://public2.vulnerablecode.io/api/packages/368402?format=api", "purl": "pkg:rpm/redhat/java-1.6.0-sun@1:1.6.0.22-1jpp.1?arch=el5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zce-ccvb-qffk" }, { "vulnerability": "VCID-3um7-bhp7-hqbe" }, { "vulnerability": "VCID-64zd-uyfm-f3cr" }, { "vulnerability": "VCID-7u2w-duqd-9fab" }, { "vulnerability": "VCID-eg75-7nhb-1bd6" }, { "vulnerability": "VCID-f9p6-pf4z-w7eu" }, { "vulnerability": "VCID-g1wu-uzuv-fbdt" }, { "vulnerability": "VCID-hmz9-w1bx-vkg8" }, { "vulnerability": "VCID-jt8e-tzk1-guhk" }, { "vulnerability": "VCID-kbs4-5kqt-z7gy" }, { "vulnerability": "VCID-kgdg-wdk3-afgf" }, { "vulnerability": "VCID-kp8c-fgsp-4qgg" }, { "vulnerability": "VCID-n2dm-na4y-nyeg" }, { "vulnerability": "VCID-n4eq-q5ga-nucx" }, { "vulnerability": "VCID-nk79-z7qp-87ez" }, { "vulnerability": "VCID-p4te-vnq6-bfee" }, { "vulnerability": "VCID-qy19-mm4j-pkdw" }, { "vulnerability": "VCID-qzk4-tk6f-qkdc" }, { "vulnerability": "VCID-szz6-e2fg-jbhy" }, { "vulnerability": "VCID-t3et-y4mc-wude" }, { "vulnerability": "VCID-tpgq-bmxw-wbcc" }, { "vulnerability": "VCID-ttqq-7ccy-vqhx" }, 
{ "vulnerability": "VCID-up3k-da4h-h7cb" }, { "vulnerability": "VCID-vax6-9rc7-2qe3" }, { "vulnerability": "VCID-vvzb-u4yd-fueg" }, { "vulnerability": "VCID-w4hp-sa3w-3qg1" }, { "vulnerability": "VCID-xnsc-n6vd-xkc1" }, { "vulnerability": "VCID-ye9j-3az2-tbag" }, { "vulnerability": "VCID-ysgy-uch6-efa3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.6.0-sun@1:1.6.0.22-1jpp.1%3Farch=el5" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3552.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3552.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3552", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.82947", "scoring_system": "epss", "scoring_elements": "0.99273", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.82947", "scoring_system": "epss", "scoring_elements": "0.99275", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.82947", "scoring_system": "epss", "scoring_elements": "0.99274", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3552" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642600", "reference_id": "642600", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642600" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15241.txt", "reference_id": "CVE-2010-3552;OSVDB-68873", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15241.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16587.rb", "reference_id": "CVE-2010-3552;OSVDB-68873", "reference_type": "exploit", "scores": [], "url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16587.rb" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-10-206/", "reference_id": "CVE-2010-3552;OSVDB-68873", "reference_type": "exploit", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-206/" }, { "reference_url": "https://security.gentoo.org/glsa/201111-02", "reference_id": "GLSA-201111-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201111-02" } ], "weaknesses": [], "exploits": [ { "date_added": "2011-01-08", "description": "Sun Java - Runtime New Plugin docbase Buffer Overflow (Metasploit)", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2011-01-08", "exploit_type": "remote", "platform": "windows", "source_date_updated": "2011-03-10", "data_source": "Exploit-DB", "source_url": "http://www.zerodayinitiative.com/advisories/ZDI-10-206/" }, { "date_added": null, "description": "This module exploits a flaw in the new plugin component of the Sun Java\n Runtime Environment before v6 Update 22. By specifying specific parameters\n to the new plugin, an attacker can cause a stack-based buffer overflow and\n execute arbitrary code.\n\n When the new plugin is invoked with a \"launchjnlp\" parameter, it will\n copy the contents of the \"docbase\" parameter to a stack-buffer using the\n \"sprintf\" function. A string of 396 bytes is enough to overflow the 256\n byte stack buffer and overwrite some local variables as well as the saved\n return address.\n\n NOTE: The string being copied is first passed through the \"WideCharToMultiByte\".\n Due to this, only characters which have a valid localized multibyte\n representation are allowed. Invalid characters will be replaced with\n question marks ('?').\n\n This vulnerability was originally discovered independently by both Stephen\n Fewer and Berend Jan Wever (SkyLined). 
Although exhaustive testing hasn't\n been done, all versions since version 6 Update 10 are believed to be affected\n by this vulnerability.\n\n This vulnerability was patched as part of the October 2010 Oracle Patch\n release.", "required_action": null, "due_date": null, "notes": "Reliability:\n - unknown-reliability\nStability:\n - unknown-stability\nSideEffects:\n - unknown-side-effects\n", "known_ransomware_campaign_use": false, "source_date_published": "2010-10-12", "exploit_type": null, "platform": "Windows", "source_date_updated": null, "data_source": "Metasploit", "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/browser/java_docbase_bof.rb" } ], "severity_range_score": null, "exploitability": "2.0", "weighted_severity": "0.7", "risk_score": 1.4, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g1wu-uzuv-fbdt" }