VDB

CVE-2019-10181

CVE-2019-10181 PUBLISHED

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.

EPSS 0.39% · 60.4th percentile

Risk Scores

EPSS Score
0.39%
60.4th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSicedtea-web1.6.2-3ubuntu1, 1.6.2-1ubuntu1, 1.6.2-2ubuntu1
Ubuntu:20.04:LTSicedtea-web1.8-0ubuntu8, 0
Ubuntu:25.10icedtea-web1.8.8-3, 0
Ubuntu:24.04:LTSicedtea-web0, 1.8.8-2, 1.8.8-2ubuntu1
Ubuntu:22.04:LTSicedtea-web0, 1.8.4-1build1
Ubuntu:18.04:LTSicedtea-web*, 1.6.2-3.1ubuntu3, 0

Exploit Intelligence

Timeline

  • Jul 31, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 11, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›