Vulnerability Details : CVE-2019-10182
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.
Vulnerability category: Directory traversal
Products affected by CVE-2019-10182
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:icedtea-web_project:icedtea-web:*:*:*:*:*:*:*:*
- cpe:2.3:a:icedtea-web_project:icedtea-web:1.8.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-10182
0.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-10182
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
8.6
|
4.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST | |
8.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L |
2.8
|
4.7
|
Red Hat, Inc. |
CWE ids for CVE-2019-10182
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: secalert@redhat.com (Primary)
References for CVE-2019-10182
-
https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
fixing CVEs 2019- 10181, 10182, 10185 found by Imre Rad - master by judovana · Pull Request #344 · AdoptOpenJDK/IcedTea-Web · GitHubPatch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182
1724958 – (CVE-2019-10182) CVE-2019-10182 icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwriteIssue Tracking;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html
[SECURITY] [DLA 1914-1] icedtea-web security update
-
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html
[security-announce] openSUSE-SU-2019:1911-1: important: Security update
-
https://seclists.org/bugtraq/2019/Oct/5
Bugtraq: CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE
-
http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html
IcedTeaWeb Validation Bypass / Directory Traversal / Code Execution ≈ Packet Storm
-
https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327
upcoming security release 31.7.2019 · Issue #327 · AdoptOpenJDK/IcedTea-Web · GitHubPatch;Third Party Advisory
Jump to