CVE-2010-3860 Information

Description

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.

Reference

http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/
http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://secunia.com/advisories/42412
http://secunia.com/advisories/42417
http://secunia.com/advisories/43085
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.redhat.com/support/errata/RHSA-2011-0176.html
http://www.securityfocus.com/bid/45114
http://www.ubuntu.com/usn/USN-1024-1
http://www.vupen.com/english/advisories/2010/3090
http://www.vupen.com/english/advisories/2010/3108
http://www.vupen.com/english/advisories/2011/0215
https://bugzilla.redhat.com/show_bug.cgi?id=645843
