Unrated severityNVD Advisory· Published Dec 8, 2010· Updated Apr 29, 2026
CVE-2010-3860
CVE-2010-3860
Description
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
Affected products
10cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*range: <=1.9.1
- cpe:2.3:a:redhat:icedtea:1.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.5:rc3:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28nvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- secunia.com/advisories/42412nvdVendor Advisory
- secunia.com/advisories/42417nvdVendor Advisory
- www.vupen.com/english/advisories/2010/3090nvdVendor Advisory
- www.vupen.com/english/advisories/2010/3108nvdVendor Advisory
- blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/nvd
- lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.htmlnvd
- secunia.com/advisories/43085nvd
- security.gentoo.org/glsa/glsa-201406-32.xmlnvd
- www.redhat.com/support/errata/RHSA-2011-0176.htmlnvd
- www.securityfocus.com/bid/45114nvd
- www.ubuntu.com/usn/USN-1024-1nvd
- www.vupen.com/english/advisories/2011/0215nvd
News mentions
0No linked articles in our index yet.