Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) The CVSSv2 scored upstream is cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P Reference: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0768 https://rhn.redhat.com/errata/RHSA-2010-0768.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2010:0770 https://rhn.redhat.com/errata/RHSA-2010-0770.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2010:0865 https://rhn.redhat.com/errata/RHSA-2010-0865.html