Veracode Vulnerability DatabaseVERACODE:24430Information Disclosure
EPSS
Percentile
80.5%
java is vulnerable to information disclosure. The vulnerability exists as a public static field declaration allowed untrusted JNLP (Java Network Launching Protocol) applications to read privileged data. A remote attacker could directly or indirectly read the values of restricted system properties, such as “user.name”, “user.home”, and “java.home”, which untrusted applications should not be allowed to read.
References
blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/
icedtea.classpath.org/hg/release/icedtea6-1.7/file/af20d64bc8b9/NEWS
icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28
lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html
lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
secunia.com/advisories/42412
secunia.com/advisories/42417
secunia.com/advisories/43085
security.gentoo.org/glsa/glsa-201406-32.xml
www.redhat.com/support/errata/RHSA-2011-0176.html
www.securityfocus.com/bid/45114
www.ubuntu.com/usn/USN-1024-1
www.vupen.com/english/advisories/2010/3090
www.vupen.com/english/advisories/2010/3108
www.vupen.com/english/advisories/2011/0215
access.redhat.com/errata/RHSA-2011:0176
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=645843
Related
