Vulnerability Name: CVE-2010-3860 (CCN-63567)
Assigned: 2010-11-24
Published: 2010-11-24
Updated: 2014-10-04
Summary: IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
Source: CCN Type: GNU/Andrews Blog IcedTea6 1.7.6, 1.8.3 and 1.9.2 Released!
Source: CONFIRM Type: UNKNOWN http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/
Source: MITRE Type: CNA CVE-2010-3860
Source: CONFIRM Type: Patch http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28
Source: FEDORA Type: UNKNOWN FEDORA-2010-18393
Source: SUSE Type: UNKNOWN SUSE-SR:2010:023
Source: CCN Type: OpenJDK Web site OpenJDK
Source: CCN Type: RHSA-2011-0176 Moderate: java-1.6.0-openjdk security update
Source: SECUNIA Type: Vendor Advisory 42412
Source: SECUNIA Type: Vendor Advisory 42417
Source: SECUNIA Type: UNKNOWN 43085
Source: GENTOO Type: UNKNOWN GLSA-201406-32
Source: CCN Type: OSVDB ID: 69675 IcedTea Multiple Variable Public Declaration Remote Information Disclosure
Source: REDHAT Type: UNKNOWN RHSA-2011:0176
Source: BID Type: UNKNOWN 45114
Source: CCN Type: BID-45114 OpenJDK 'IcedTea' plugin (CVE-2010-3860) Unspecified Information Disclosure Vulnerability
Source: UBUNTU Type: UNKNOWN USN-1024-1
Source: VUPEN Type: Vendor Advisory ADV-2010-3090
Source: VUPEN Type: Vendor Advisory ADV-2010-3108
Source: VUPEN Type: UNKNOWN ADV-2011-0215
Source: CONFIRM Type: Patch https://bugzilla.redhat.com/show_bug.cgi?id=645843
Source: XF Type: UNKNOWN openjdk-icedtea-unspec-info-disc(63567)
Source: SUSE Type: SUSE-SR:2010:023 SUSE Security Summary Report