| Vulnerability Name: | CVE-2010-4351 (CCN-64893) | ||||||||||||||||||||||||||||||||
| Assigned: | 2010-12-16 | ||||||||||||||||||||||||||||||||
| Published: | 2010-12-16 | ||||||||||||||||||||||||||||||||
| Updated: | 2023-02-13 | ||||||||||||||||||||||||||||||||
| Summary: | The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. | ||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-305 | ||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||
| References: | Source: CCN Type: GNU/Andrews Blog [SECURITY] IcedTea6 1.7.7, 1.8.4, 1.9.4 Released! Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: MITRE Type: CNA CVE-2010-4351 Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: OpenJDK Web site OpenJDK Source: CCN Type: RHSA-2011-0176 Moderate: java-1.6.0-openjdk security update Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: DEBIAN Type: DSA-2224 openjdk-6 -- several vulnerabilities Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: OSVDB ID: 70605 OpenJDK IcedTea JNLP SecurityManager checkPermission Method Exception Bypass Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: BID-45894 OpenJDK 'IcedTea' plugin JNLPSecurityManager Remote Code Execution Vulnerability Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: Red Hat Bugzilla Bug 663680 CVE-2010-4351 IcedTea jnlp security manager bypass Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: XF Type: UNKNOWN icedtea-jnlp-code-execution(64893) Source: CCN Type: ZDI-11-014 Red Hat OpenJDK IcedTea6 ClassLoader Remote Code Execution Vulnerability | ||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||