CVE-2010-3860

IcedTea 1.7.x < 1.7.6, 1.8.x < 1.8.3, 1.9.x < 1.9.2 - Exposure of Sensitive Information via Public Variable Declaration

Title source: llm
STIX 2.1

Description

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.

References (15)

Core 15
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43085
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0215
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1024-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42412
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3090
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3108
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42417
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45114
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0176.html

Scores

EPSS 0.0300
EPSS Percentile 85.8%

Details

CWE
CWE-200
Status published
Products (8)
redhat/icedtea 1.5 rc1 (3 CPE variants)
redhat/icedtea 1.6
redhat/icedtea 1.7
redhat/icedtea 1.8
redhat/icedtea 1.8.1
redhat/icedtea 1.8.2
redhat/icedtea 1.9
redhat/icedtea < 1.9.1
Published Dec 08, 2010
Tracked Since Feb 18, 2026