5

CVE-2010-3860

EPSS 1.53%
Published 08.12.2010 20:00:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.

Affected products Warnungen 0 Metrics 2 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Icedtea Version <= 1.9.1

Redhat ≫ Icedtea Version1.5 Updaterc1

Redhat ≫ Icedtea Version1.5 Updaterc2

Redhat ≫ Icedtea Version1.5 Updaterc3

Redhat ≫ Icedtea Version1.6

Redhat ≫ Icedtea Version1.7

Redhat ≫ Icedtea Version1.8

Redhat ≫ Icedtea Version1.8.1

Redhat ≫ Icedtea Version1.8.2

Redhat ≫ Icedtea Version1.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.53%	0.796

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/

http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html

http://secunia.com/advisories/42412

Vendor Advisory

http://secunia.com/advisories/42417

Vendor Advisory

http://secunia.com/advisories/43085

http://www.redhat.com/support/errata/RHSA-2011-0176.html

http://www.securityfocus.com/bid/45114

http://www.ubuntu.com/usn/USN-1024-1

http://www.vupen.com/english/advisories/2010/3090

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0215

https://bugzilla.redhat.com/show_bug.cgi?id=645843

Patch

https://nvd.nist.gov/vuln/detail/CVE-2010-3860

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-3860

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-3860

EUVD