CVE-2010-3860

Published: Dec 8, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.

Affected (10)

Products: Redhat: Icedtea

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Icedtea	Up to 1.9.1
Redhat Icedtea	Version 1.5 rc1
Redhat Icedtea	Version 1.5 rc2
Redhat Icedtea	Version 1.5 rc3
Redhat Icedtea	Version 1.6
Redhat Icedtea	Version 1.7
Redhat Icedtea	Version 1.8.1
Redhat Icedtea	Version 1.8.2
Redhat Icedtea	Version 1.8
Redhat Icedtea	Version 1.9

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (30)

http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/

Source: secalert@redhat.com

http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28

Source: secalert@redhat.com

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

Source: secalert@redhat.com

http://secunia.com/advisories/42412

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/42417

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/43085

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201406-32.xml

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2011-0176.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/45114

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1024-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/3090

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3108

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0215

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=645843

Source: secalert@redhat.com

Patch

http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/

Source: af854a3a-2127-422b-91ae-364da2661108

http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42412

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/42417

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43085

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201406-32.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2011-0176.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45114

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1024-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/3090

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3108

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0215

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=645843

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.