Vulnerability CVE-2019-10185

Vulnerability Name:

CVE-2019-10185 (CCN-164511)

Assigned:

2019-07-31

Published:

2019-07-31

Updated:

2023-02-12

Summary:

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.

CVSS v3 Severity:

8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

8.2 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L)
7.4 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): Low

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2019-10185

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
icedteaweb-cve201910185-dir-traversal(164511)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IcedTea-Web GIT Repository
fixing CVEs 2019- 10181, 10182, 10185 found by Imre Rad - master #344

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Packet Storm Security [10-07-2019]
IcedTeaWeb Validation Bypass / Directory Traversal / Code Execution

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: oss-sec Mailing List, Wed, 31 Jul 2019 17:26:22 +0200
icedtea-web: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-10185

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 5:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:redhat:icedtea-web:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201910185	V	CVE-2019-10185	2022-08-07
oval:org.opensuse.security:def:4642	P	Security update for the Linux Kernel (Important)	2022-07-13
oval:org.opensuse.security:def:4634	P	Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5) (Important)	2022-06-28
oval:org.opensuse.security:def:3565	P	libXrender1-0.9.8-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3240	P	libpulse-mainloop-glib0-32bit-5.0-4.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3252	P	libsmi-0.4.8-18.55 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3731	P	openvpn-2.3.8-16.20.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95195	P	icedtea-web-1.7.2-150100.7.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1798	P	Security update for icedtea-web (Important)	2022-04-19
oval:org.opensuse.security:def:95361	P	Security update for icedtea-web (Important)	2022-04-19
oval:org.opensuse.security:def:102088	P	Security update for icedtea-web (Important)	2022-04-19
oval:org.opensuse.security:def:102350	P	Security update for icedtea-web (Important)	2022-04-19
oval:org.opensuse.security:def:1508	P	Security update for icedtea-web (Important)	2022-04-19
oval:org.opensuse.security:def:4707	P	Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP5) (Important)	2022-03-29
oval:org.opensuse.security:def:4662	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2022-02-01
oval:org.opensuse.security:def:112424	P	icedtea-web-1.8.6-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:51765	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:51685	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:105930	P	icedtea-web-1.8.6-1.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:52048	P	Security update for compat-openssl098 (Important)	2021-08-27
oval:org.opensuse.security:def:51623	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:51599	P	Security update for ovmf (Important)	2021-06-22
oval:org.opensuse.security:def:4752	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:5612	P	Test update for SUSE:SLE-15-SP3:Update (security) (Important)	2020-12-15
oval:org.opensuse.security:def:51085	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:49047	P	openconnect-7.08-1.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49028	P	libplist++3-1.12-20.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2515	P	MozillaThunderbird-68.8.0-3.80.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2521	P	bogofilter-common-1.2.4-1.40 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2533	P	imobiledevice-tools-1.2.0+git20180427.26373b3-1.40 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2511	P	pulseaudio-module-bluetooth-11.1-4.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2547	P	libreoffice-6.4.4.2-11.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49029	P	libpodofo0_9_2-0.9.2-3.9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2553	P	pidgin-plugin-otr-4.0.2-1.61 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2562	P	Security update for python (Moderate)	2020-12-02
oval:org.opensuse.security:def:2586	P	Security update for mariadb (Moderate)	2020-12-02
oval:org.opensuse.security:def:4767	P	Security update for freeradius-server (Important)	2020-12-02
oval:org.opensuse.security:def:2602	P	Security update for docker-runc (Important)	2020-12-02
oval:org.opensuse.security:def:2592	P	Security update for python-pip (Important)	2020-12-02
oval:org.opensuse.security:def:4786	P	Security update for postgresql10 (Important)	2020-12-02
oval:org.opensuse.security:def:4930	P	Security update for qemu (Important)	2020-12-02
oval:org.opensuse.security:def:2600	P	Security update for docker-runc (Moderate)	2020-12-02
oval:org.opensuse.security:def:4859	P	Security update for xen (Important)	2020-12-02
oval:org.opensuse.security:def:4943	P	Security update for bind (Moderate)	2020-12-02
oval:org.opensuse.security:def:4923	P	Security update for qemu (Important)	2020-12-02
oval:org.opensuse.security:def:4884	P	Security update for salt (Moderate)	2020-12-02
oval:org.opensuse.security:def:5581	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:4916	P	Security update for mariadb (Moderate)	2020-12-02
oval:org.opensuse.security:def:52355	P	Security update for java-1_8_0-openj9 (Important)	2020-12-01
oval:org.opensuse.security:def:50178	P	bluez-cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52436	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49174	P	libidn-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52319	P	Security update for ldns (Moderate)	2020-12-01
oval:org.opensuse.security:def:50925	P	Security update for unbound (Important)	2020-12-01
oval:org.opensuse.security:def:52156	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:53712	P	Security update for u-boot (Important)	2020-12-01
oval:org.opensuse.security:def:49379	P	containerd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50947	P	Security update for perl-XML-Twig (Moderate)	2020-12-01
oval:org.opensuse.security:def:52247	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:53786	P	Security update for icedtea-web (Important)	2020-12-01
oval:org.opensuse.security:def:49525	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49623	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51322	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:50924	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:49780	P	cups-ddk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51493	P	Security update for rust, rust-cbindgen (Moderate)	2020-12-01
oval:org.opensuse.security:def:50274	P	Security update for openssl-1_1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50018	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50347	P	Security update for postgresql10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50243	P	libpskc-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50108	P	yast2-rmt on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20192003	P	RHSA-2019:2003: icedtea-web security update (Important)	2019-07-31
oval:com.ubuntu.disco:def:2019101850000000	V	CVE-2019-10185 on Ubuntu 19.04 (disco) - medium.	2019-07-31
oval:com.redhat.rhsa:def:20192004	P	RHSA-2019:2004: icedtea-web security update (Important)	2019-07-31
oval:com.ubuntu.bionic:def:2019101850000000	V	CVE-2019-10185 on Ubuntu 18.04 LTS (bionic) - medium.	2019-07-31
oval:com.ubuntu.xenial:def:2019101850000000	V	CVE-2019-10185 on Ubuntu 16.04 LTS (xenial) - medium.	2019-07-31

BACK