Vulnerability Details : CVE-2010-4351
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
Exploit prediction scoring system (EPSS) score for CVE-2010-4351
Probability of exploitation activity in the next 30 days: 1.03%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 %
CVSS scores for CVE-2010-4351
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2010-4351
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4351
- http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/
  GNU/Andrew’s Blog » [SECURITY] IcedTea6 1.7.7, 1.8.4, 1.9.4 Released!
- http://www.vupen.com/english/advisories/2011/0239
  Webmail | OVH- OVH
- http://www.securityfocus.com/bid/45894
  OpenJDK 'IcedTea' plugin JNLPSecurityManager Remote Code Execution Vulnerability
- http://www.debian.org/security/2011/dsa-2224
  Debian -- Security Information -- DSA-2224-1 openjdk-6
- http://www.ubuntu.com/usn/USN-1055-1
  USN-1055-1: OpenJDK vulnerabilities | Ubuntu security notices
- http://www.zerodayinitiative.com/advisories/ZDI-11-014/
  ZDI-11-014 | Zero Day Initiative
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64893
  OpenJDK IcedTea plugin JNLP SecurityManager code execution CVE-2010-4351 Vulnerability Report
- http://www.vupen.com/english/advisories/2011/0215
  Webmail | OVH- OVH
- http://www.redhat.com/support/errata/RHSA-2011-0176.html
  Support
- http://www.ubuntu.com/usn/USN-1052-1
  USN-1052-1: OpenJDK vulnerability | Ubuntu security notices
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html
  [SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-48.1.8.4.fc13
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
  mandriva.com
- http://www.vupen.com/english/advisories/2011/0165
  Webmail | OVH- OVH [Vendor Advisory]
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html
  [SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-50.1.9.4.fc14
- https://bugzilla.redhat.com/show_bug.cgi?id=663680
  663680 – (CVE-2010-4351) CVE-2010-4351 IcedTea jnlp security manager bypass [Patch]
- http://www.vupen.com/english/advisories/2011/0166
  Webmail | OVH- OVH [Vendor Advisory]
- http://security.gentoo.org/glsa/glsa-201406-32.xml
  IcedTea JDK: Multiple vulnerabilities (GLSA 201406-32) — Gentoo security
Products affected by CVE-2010-4351
- cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.9.3:*:*:*:*:*:*:*