CVE-2010-4351

CWE-264, CWE-393, CWE-305 | 7 documents | 6 sources
Severity
6.8 MEDIUM
EPSS
1.3%
top 20.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 20
Latest update: May 17

Description

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: redhat/icedtea, 15 versions

Patches

Vulnerability Details (2)

GHSA
GHSA-g6jh-xpq2-3rw2: The JNLP SecurityManager in IcedTea (IcedTea | 2022-05-17
CVEList
CVE-2010-4351: The JNLP SecurityManager in IcedTea (IcedTea | 2011-01-20

Vendor Advisories (3)

Ubuntu
OpenJDK vulnerabilities | 2011-02-01
Ubuntu
OpenJDK vulnerability | 2011-01-26
Red Hat
IcedTea jnlp security manager bypass | 2011-01-18

Community (1)

Bugzilla
CVE-2010-4351 IcedTea jnlp security manager bypass | 2010-12-16
CVE-2010-4351 (MEDIUM CVSS 6.8) | The JNLP SecurityManager in IcedTea | cvebase.io