Vulnerability Description
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Icedtea | 1.7 |
| Sun | Openjdk | All versions |
Related Weaknesses (CWE)
References
- http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-rele
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.ht
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.ht
- http://osvdb.org/70605
- http://secunia.com/advisories/43002Vendor Advisory
- http://secunia.com/advisories/43078
- http://secunia.com/advisories/43085
- http://secunia.com/advisories/43135
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.debian.org/security/2011/dsa-2224
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
- http://www.redhat.com/support/errata/RHSA-2011-0176.html
- http://www.securityfocus.com/bid/45894
- http://www.ubuntu.com/usn/USN-1052-1
- http://www.ubuntu.com/usn/USN-1055-1
FAQ
What is CVE-2010-4351?
CVE-2010-4351 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in c...
How severe is CVE-2010-4351?
CVE-2010-4351 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4351?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Icedtea, Sun Openjdk.