5
CVE-2010-3860
- EPSS 3%
- Veröffentlicht 08.12.2010 20:00:01
- Zuletzt bearbeitet 16.06.2026 23:23:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3% | 0.856 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/
http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html
http://secunia.com/advisories/42412
http://secunia.com/advisories/42417
http://secunia.com/advisories/43085
http://www.redhat.com/support/errata/RHSA-2011-0176.html
http://www.securityfocus.com/bid/45114
http://www.ubuntu.com/usn/USN-1024-1
http://www.vupen.com/english/advisories/2010/3090
http://www.vupen.com/english/advisories/2010/3108
http://www.vupen.com/english/advisories/2011/0215
https://bugzilla.redhat.com/show_bug.cgi?id=645843