9.1 - CVE-2010-2783

Executive Summary

Informations
Name	CVE-2010-2783	First vendor Publication	2019-10-31
Vendor	Cve	Last vendor Modification	2019-11-04

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Overall CVSS Score	9.1
Base Score	9.1	Environmental Score	9.1
impact SubScore	5.2	Temporal Score	9.1
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score	6.4	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2783

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-200	Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13035

Oval ID:	oval:org.mitre.oval:def:13035
Title:	USN-971-1 -- openjdk-6 vulnerabilities
Description:	It was discovered that the IcedTea plugin did not correctly check certain accesses. If a user or automated system were tricked into running a specially crafted Java applet, a remote attacker could read arbitrary files with user privileges, leading to a loss of privacy
Family:	unix	Class:	patch
Reference(s):	USN-971-1 CVE-2010-2548 CVE-2010-2783	Version:	5
Platform(s):	Ubuntu 10.04 Ubuntu 9.04 Ubuntu 9.10	Product(s):	openjdk-6
Definition Synopsis:
Release section Ubuntu 10.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section openjdk-6-jre-lib DPKG is earlier than 6b18-1.8.1-0ubuntu1 AND openjdk-6-doc DPKG is earlier than 6b18-1.8.1-0ubuntu1 AND openjdk-6-source DPKG is earlier than 6b18-1.8.1-0ubuntu1 OR Architecture depended section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section openjdk-6-jre DPKG is earlier than 6b18-1.8.1-0ubuntu1 AND openjdk-6-jre-headless DPKG is earlier than 6b18-1.8.1-0ubuntu1 AND openjdk-6-demo DPKG is earlier than 6b18-1.8.1-0ubuntu1 AND openjdk-6-dbg DPKG is earlier than 6b18-1.8.1-0ubuntu1 AND openjdk-6-jdk DPKG is earlier than 6b18-1.8.1-0ubuntu1 AND icedtea6-plugin DPKG is earlier than 6b18-1.8.1-0ubuntu1 OR Architecture depended section Supported architectures section Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is powerpc AND Packages section icedtea-6-jre-cacao DPKG is earlier than 6b18-1.8.1-0ubuntu1 AND openjdk-6-jre-zero DPKG is earlier than 6b18-1.8.1-0ubuntu1 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section openjdk-6-jre-lib DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-doc DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-source DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is lpia AND Packages section icedtea-6-jre-cacao DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-jre DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-jre-headless DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-demo DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-dbg DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-jdk DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND icedtea6-plugin DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 OR Architecture depended section Installed architecture is sparc AND Packages section openjdk-6-jre-headless DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-demo DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-dbg DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-jdk DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 AND openjdk-6-jre DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 OR Supported platform section Installed architecture is amd64 AND openjdk-6-jre-zero DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.04.1 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independet section Installed architecture is all AND Packages section openjdk-6-jre-lib DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1 AND openjdk-6-doc DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1 AND openjdk-6-source DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section openjdk-6-jre DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1 AND openjdk-6-jre-headless DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1 AND openjdk-6-demo DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1 AND openjdk-6-dbg DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1 AND openjdk-6-jdk DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1 AND icedtea6-plugin DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1 OR Architecture depended section Supported architectures section Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section icedtea-6-jre-cacao DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1 AND openjdk-6-jre-zero DPKG is earlier than 6b18-1.8.1-0ubuntu1~9.10.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Redhat icedtea6 cpe:2.3:a:redhat:icedtea6::::::::	1

OpenVAS Exploits

Date	Description
2010-08-20	Name : Ubuntu Update for openjdk-6 vulnerabilities USN-971-1 File : nvt/gb_ubuntu_USN_971_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
75194	OpenJDK IcedTea Plugin Crafted Applet Arbitrary File Access (2010-2783)

Nessus® Vulnerability Scanner

Date	Description
2014-06-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-100820.nasl - Type : ACT_GATHER_INFO
2010-08-27	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-100824.nasl - Type : ACT_GATHER_INFO
2010-08-27	Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-100820.nasl - Type : ACT_GATHER_INFO
2010-08-17	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-971-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
CONFIRM	http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-174-released/
MISC	http://security.gentoo.org/glsa/glsa-201406-32.xml https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2783 https://security-tracker.debian.org/tracker/CVE-2010-2783

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:12:05	Multiple Updates
2021-04-22 01:12:35	Multiple Updates
2020-05-23 00:26:09	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	1
Sources(s)	4
osvdb(s)	1
Openvas Exploit(s)	1
Nessus® Exploit(s)	5

	Related
10	GLSA-201406-32
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0453s

Facebook rss twitter linkedin mail