CVE-2010-3860
Last modified
CVE-2010-3860 is a vulnerability of currently unknown severity. IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.. EPSS estimates a 3.00% chance of exploitation in the next 30 days.
Description
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Redhat | Icedtea | <= 1.9.1 | — |
| Redhat | Icedtea | 1.5 | Rc1 |
| Redhat | Icedtea | 1.6 | — |
| Redhat | Icedtea | 1.7 | — |
| Redhat | Icedtea | 1.8 | — |
| Redhat | Icedtea | 1.8.1 | — |
| Redhat | Icedtea | 1.8.2 | — |
| Redhat | Icedtea | 1.9 | — |
References
- http://secunia.com/advisories/42412Vendor Advisory
- http://secunia.com/advisories/42417Vendor Advisory
- http://www.vupen.com/english/advisories/2010/3090Vendor Advisory
- http://www.vupen.com/english/advisories/2010/3108Vendor Advisory
- http://secunia.com/advisories/42412Vendor Advisory
- http://secunia.com/advisories/42417Vendor Advisory
- http://www.vupen.com/english/advisories/2010/3090Vendor Advisory
- http://www.vupen.com/english/advisories/2010/3108Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-3860?
How severe is CVE-2010-3860?
How do I fix CVE-2010-3860?
Are you affected by CVE-2010-3860?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST