Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability

Bugtraq ID:	39461
Class:	Unknown
CVE:	CVE-2010-0885
Remote:	Yes
Local:	No
Published:	Apr 13 2010 12:00AM
Updated:	Apr 15 2010 06:03PM
Credit:	Oracle
Vulnerable:	Sun Java System Communications Express 6.3 Sun Java System Communications Express 2005Q4 Sun Java System Communications Express 2005Q1 Sun Java System Communications Express 2004Q2 Sun Java System Communications Express 0
Not Vulnerable:

Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability

Oracle Sun Java System Communications Express is prone to a remote vulnerability in Address Book.

The vulnerability can be exploited over the 'HTTP' protocol.

This vulnerability affects the following supported versions:
6 2005Q4 (6.2), 6.3

Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability

Solution:
Vendor updates are available. Please contact the vendor for more information.


Sun Java System Communications Express 6.3

• Sun 122793-31
  SPARC
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -122793-31-1


• Sun 122794-31
  x86
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -122794-31-1


• Sun 122795-31
  Linux
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -122795-31-1

Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability

References:

• Oracle Critical Patch Update April 2010 (Oracle)
  
• This Alert covers the Address Book component of the Sun Java System Communicatio (Oracle)