CVE-2010-3860

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
08/12/2010
Last modified:
11/04/2025

Description

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:* 1.9.1 (including)
cpe:2.3:a:redhat:icedtea:1.5:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.5:rc2:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.5:rc3:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools