CVE-2010-3860
Published: 24 November 2010
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
Priority
Status
Package | Release | Status |
---|---|---|
openjdk-6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(6b27-1.12.3-0ubuntu1~08.04.1)
|
|
karmic |
Released
(6b18-1.8.3-0ubuntu1~9.10.1)
|
|
lucid |
Released
(6b20-1.9.2-0ubuntu1~10.04.1)
|
|
maverick |
Released
(6b20-1.9.2-0ubuntu1)
|
|
upstream |
Needs triage
|
|
openjdk-6b18 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Not vulnerable
(6b18-1.8.4-0ubuntu1~9.10.1)
|
|
lucid |
Released
(6b18-1.8.3-0ubuntu1~10.04.1)
|
|
maverick |
Released
(6b18-1.8.3-0ubuntu1)
|
|
upstream |
Needs triage
|
|
sun-java5 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
hardy |
Not vulnerable
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
upstream |
Not vulnerable
|
|
sun-java6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
upstream |
Not vulnerable
|