CVE-2010-3860
Summary
| CVE | CVE-2010-3860 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-12-08 20:00:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | None |
| Availability | None |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Icedtea | 1.5 | rc1 | All | All |
| Application | Redhat | Icedtea | 1.5 | rc2 | All | All |
| Application | Redhat | Icedtea | 1.5 | rc3 | All | All |
| Application | Redhat | Icedtea | 1.6 | All | All | All |
| Application | Redhat | Icedtea | 1.7 | All | All | All |
| Application | Redhat | Icedtea | 1.8 | All | All | All |
| Application | Redhat | Icedtea | 1.8.1 | All | All | All |
| Application | Redhat | Icedtea | 1.8.2 | All | All | All |
| Application | Redhat | Icedtea | 1.9 | All | All | All |
| Application | Redhat | Icedtea | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Webmail: Professional email solution - OVHcloud - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| USN-1024-1: OpenJDK vulnerability \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| Ubuntu update for openjdk-6 - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| release/icedtea6-1.9: 9aa0018d8c28 | af854a3a-2127-422b-91ae-364da2661108 | icedtea.classpath.org | Patch |
| Gentoo Linux Documentation -- IcedTea JDK: Multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| [SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-49.1.9.2.fc14 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| Red Hat update for java-1.6.0-openjdk - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:023 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| GNU/Andrew’s Blog » IcedTea6 1.7.6, 1.8.3 and 1.9.2 Released! | af854a3a-2127-422b-91ae-364da2661108 | blog.fuseyism.com | |
| Bug 645843 – CVE-2010-3860 IcedTea System property information leak via public static | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Patch |
| Security Advisory SA42417 - Fedora update for java-1.6.0-openjdk - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| OpenJDK 'IcedTea' plugin (CVE-2010-3860) Unspecified Information Disclosure Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.