Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-4351

Опубликовано: 20 янв. 2011
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*

EPSS

Процентиль: 81%
0.01585
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu
больше 14 лет назад

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

redhat
больше 14 лет назад

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

debian
больше 14 лет назад

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 ...

github
около 3 лет назад

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

oracle-oval
больше 14 лет назад

ELSA-2011-0176: java-1.6.0-openjdk security update (MODERATE)

EPSS

Процентиль: 81%
0.01585
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-264