PT-2010-5123 · Icedtea+1 · Icedtea+1
Marc Schoenefeld
·
Publicado
2010-12-08
·
Atualizado
2014-10-04
·
CVE-2010-3860
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IcedTea versions 1.7.x through 1.7.5
IcedTea versions 1.8.x through 1.8.2
IcedTea versions 1.9.x through 1.9.1
Description
The issue allows remote attackers to obtain sensitive information, including system properties such as
user.name, user.home, and java.home, as well as other sensitive information like installation directories, due to multiple sensitive variables being declared as public.Recommendations
For IcedTea versions 1.7.x through 1.7.5, update to version 1.7.6 or later.
For IcedTea versions 1.8.x through 1.8.2, update to version 1.8.3 or later.
For IcedTea versions 1.9.x through 1.9.1, update to version 1.9.2 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Icedtea
Red Hat