Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-4351 | First vendor Publication | 2011-01-20 |
Vendor | Cve | Last vendor Modification | 2023-02-13 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4351 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21749 | |||
Oval ID: | oval:org.mitre.oval:def:21749 | ||
Title: | RHSA-2011:0176: java-1.6.0-openjdk security update (Moderate) | ||
Description: | The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0176-01 CESA-2011:0176 CVE-2010-3860 CVE-2010-4351 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22663 | |||
Oval ID: | oval:org.mitre.oval:def:22663 | ||
Title: | ELSA-2011:0176: java-1.6.0-openjdk security update (Moderate) | ||
Description: | The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0176-01 CVE-2010-3860 CVE-2010-4351 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27537 | |||
Oval ID: | oval:org.mitre.oval:def:27537 | ||
Title: | DEPRECATED: ELSA-2011-0176 -- java-1.6.0-openjdk security update (moderate) | ||
Description: | [1:1.6.0.0-1.17.b17.0.1.el5] - Add oracle-enterprise.patch [1:1.6.0.0-1.17.b17.el5] - Updated to 1.7.7 tarball - Resolves: bz668487 - Also resolves bz668488 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0176 CVE-2010-3860 CVE-2010-4351 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for java CESA-2011:0176 centos5 x86_64 File : nvt/gb_CESA-2011_0176_java_centos5_x86_64.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2011:0176 centos5 i386 File : nvt/gb_CESA-2011_0176_java_centos5_i386.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2224-1 (openjdk-6) File : nvt/deb_2224_1.nasl |
2011-04-01 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_054.nasl |
2011-02-04 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1055-1 File : nvt/gb_ubuntu_USN_1055_1.nasl |
2011-01-31 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0176-01 File : nvt/gb_RHSA-2011_0176-01_java-1.6.0-openjdk.nasl |
2011-01-31 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerability USN-1052-1 File : nvt/gb_ubuntu_USN_1052_1.nasl |
2011-01-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-0500 File : nvt/gb_fedora_2011_0500_java-1.6.0-openjdk_fc13.nasl |
2011-01-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-0521 File : nvt/gb_fedora_2011_0521_java-1.6.0-openjdk_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70605 | OpenJDK IcedTea JNLP SecurityManager checkPermission Method Exception Bypass Java OpenJDK contains a flaw related to the 'JNLPSecurityManager' class not properly enforcing security policies in the 'IcedTea.so' component. This may allow a context-dependent attacker to use a crafted website or applet to execute arbitrary code. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-110118.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0176.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110125_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-110118.nasl - Type : ACT_GATHER_INFO |
2011-04-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2224.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0176.nasl - Type : ACT_GATHER_INFO |
2011-03-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO |
2011-02-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1055-1.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1052-1.nasl - Type : ACT_GATHER_INFO |
2011-01-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0176.nasl - Type : ACT_GATHER_INFO |
2011-01-20 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0500.nasl - Type : ACT_GATHER_INFO |
2011-01-20 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0521.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-02-13 09:29:01 |
|
2023-02-02 21:28:49 |
|
2020-05-23 00:26:57 |
|
2017-08-17 09:23:09 |
|
2016-06-28 18:23:07 |
|
2016-04-26 20:15:16 |
|
2014-10-04 09:24:59 |
|
2014-07-01 13:24:53 |
|
2014-06-14 13:29:48 |
|
2014-02-17 10:58:43 |
|
2013-05-10 23:37:39 |
|