CVE-2010-3860
IcedTea 1.7.x < 1.7.6, 1.8.x < 1.8.3, 1.9.x < 1.9.2 - Exposure of Sensitive Information via Public Variable Declaration
Title source: llmDescription
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
References (15)
Core 15
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43085
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0215
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1024-1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42412
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3090
Various Sources x_refsource_confirm
http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3108
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=645843
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42417
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45114
Patch x_refsource_confirm
http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0176.html
Scores
EPSS
0.0300
EPSS Percentile
85.8%
Details
CWE
CWE-200
Status
published
Products (8)
redhat/icedtea
1.5 rc1 (3 CPE variants)
redhat/icedtea
1.6
redhat/icedtea
1.7
redhat/icedtea
1.8
redhat/icedtea
1.8.1
redhat/icedtea
1.8.2
redhat/icedtea
1.9
redhat/icedtea
< 1.9.1
Published
Dec 08, 2010
Tracked Since
Feb 18, 2026