Detections
Analytics

CVE-2010-4351

critical

Description

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64893

https://bugzilla.redhat.com/show_bug.cgi?id=663680

http://www.zerodayinitiative.com/advisories/ZDI-11-014/

http://www.vupen.com/english/advisories/2011/0239

http://www.vupen.com/english/advisories/2011/0215

http://www.vupen.com/english/advisories/2011/0166

http://www.vupen.com/english/advisories/2011/0165

http://www.ubuntu.com/usn/USN-1055-1

http://www.ubuntu.com/usn/USN-1052-1

http://www.securityfocus.com/bid/45894

http://www.redhat.com/support/errata/RHSA-2011-0176.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

http://www.debian.org/security/2011/dsa-2224

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://secunia.com/advisories/43135

http://secunia.com/advisories/43085

http://secunia.com/advisories/43078

http://secunia.com/advisories/43002

http://osvdb.org/70605

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html

http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/

Details

Source: Mitre, NVD

Published: 2011-01-20

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical