Описание
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-3860
- https://bugzilla.redhat.com/show_bug.cgi?id=645843
- http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released
- http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
- http://secunia.com/advisories/42412
- http://secunia.com/advisories/42417
- http://secunia.com/advisories/43085
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.redhat.com/support/errata/RHSA-2011-0176.html
- http://www.securityfocus.com/bid/45114
- http://www.ubuntu.com/usn/USN-1024-1
- http://www.vupen.com/english/advisories/2010/3090
- http://www.vupen.com/english/advisories/2010/3108
- http://www.vupen.com/english/advisories/2011/0215
Связанные уязвимости
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2 ...
ELSA-2011-0176: java-1.6.0-openjdk security update (MODERATE)