VDB
CVE-2010-3860
CVE-2010-3860
PUBLISHED
CVSS 5 MEDIUM
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
EPSS 1.51% · 81.6th percentile
Risk Scores
CVSS v2.0
5
EPSS Score
1.51%
81.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| redhat | icedtea | 1.7, 0, 1.5 |
Timeline
- Dec 8, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- GLSA-201406-32 vendor-advisory
- FEDORA-2010-18393 vendor-advisory
- 43085 third-party-advisory
- ADV-2011-0215 vdb
- USN-1024-1 vendor-advisory
- SUSE-SR:2010:023 vendor-advisory
- 42412 third-party-advisory
- ADV-2010-3090 vdb
- http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/ url
- ADV-2010-3108 vdb
- https://bugzilla.redhat.com/show_bug.cgi?id=645843 url
- 42417 third-party-advisory
- 45114 vdb
- http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28 url
- RHSA-2011:0176 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2010-3860 advisory
- http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released url