CVE-2010-3860
Summary
| CVE | CVE-2010-3860 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-12-08 20:00:00 UTC |
| Updated | 2014-10-04 04:29:00 UTC |
| Description | IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Icedtea | 1.5 | rc1 | All | All |
| Application | Redhat | Icedtea | 1.5 | rc2 | All | All |
| Application | Redhat | Icedtea | 1.5 | rc3 | All | All |
| Application | Redhat | Icedtea | 1.6 | All | All | All |
| Application | Redhat | Icedtea | 1.7 | All | All | All |
| Application | Redhat | Icedtea | 1.8 | All | All | All |
| Application | Redhat | Icedtea | 1.8.1 | All | All | All |
| Application | Redhat | Icedtea | 1.8.2 | All | All | All |
| Application | Redhat | Icedtea | 1.9 | All | All | All |
| Application | Redhat | Icedtea | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:023 | SUSE | lists.opensuse.org | |
| GNU/Andrew’s Blog » IcedTea6 1.7.6, 1.8.3 and 1.9.2 Released! | CONFIRM | blog.fuseyism.com | |
| [SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-49.1.9.2.fc14 | FEDORA | lists.fedoraproject.org | |
| OpenJDK 'IcedTea' plugin (CVE-2010-3860) Unspecified Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| release/icedtea6-1.9: 9aa0018d8c28 | CONFIRM | icedtea.classpath.org | Patch |
| Security Advisory SA42417 - Fedora update for java-1.6.0-openjdk - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Ubuntu update for openjdk-6 - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Red Hat update for java-1.6.0-openjdk - Secunia.com | SECUNIA | secunia.com | |
| Gentoo Linux Documentation -- IcedTea JDK: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| Support | REDHAT | www.redhat.com | |
| USN-1024-1: OpenJDK vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Bug 645843 – CVE-2010-3860 IcedTea System property information leak via public static | CONFIRM | bugzilla.redhat.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.