Vulnerability Details : CVE-2010-3860
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2010-3860
Probability of exploitation activity in the next 30 days: 0.71%
Percentile, the proportion of vulnerabilities that are scored at or less: ~78%
CVSS scores for CVE-2010-3860
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2010-3860
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3860
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:023
- http://www.vupen.com/english/advisories/2010/3090
  (Vendor Advisory)
- http://www.securityfocus.com/bid/45114
  OpenJDK 'IcedTea' plugin (CVE-2010-3860) Unspecified Information Disclosure Vulnerability
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html
  [SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-49.1.9.2.fc14
- http://www.vupen.com/english/advisories/2011/0215
- http://www.redhat.com/support/errata/RHSA-2011-0176.html
  Support
- https://bugzilla.redhat.com/show_bug.cgi?id=645843
  645843 – (CVE-2010-3860) CVE-2010-3860 IcedTea System property information leak via public static (Patch)
- http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28
  release/icedtea6-1.9: 9aa0018d8c28 (Patch)
- http://www.vupen.com/english/advisories/2010/3108
  (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-1024-1
  USN-1024-1: OpenJDK vulnerability | Ubuntu security notices
- http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/
- http://security.gentoo.org/glsa/glsa-201406-32.xml
  IcedTea JDK: Multiple vulnerabilities (GLSA 201406-32) — Gentoo security
Products affected by CVE-2010-3860
- cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.5:rc3:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*