Unrated severity · NVD Advisory · Published Jul 31, 2019 · Updated Aug 4, 2024
CVE-2019-10181
Description
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
Affected products (9)
- Range: <=1.7.2, <=1.8.2
- osv-coords (7 versions):
  - pkg:rpm/opensuse/icedtea-web&distro=openSUSE%20Leap%2015.0 (no CPE), range: < 1.7.2-lp150.2.3.1
  - pkg:rpm/opensuse/icedtea-web&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 1.7.2-150100.7.3.1
  - pkg:rpm/opensuse/icedtea-web&distro=openSUSE%20Tumbleweed (no CPE), range: < 1.8.6-1.3
  - pkg:rpm/suse/icedtea-web&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 (no CPE), range: < 1.7.2-150100.7.3.1
  - pkg:rpm/suse/icedtea-web&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4 (no CPE), range: < 1.7.2-150100.7.3.1
  - pkg:rpm/suse/icedtea-web&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015 (no CPE), range: < 1.7.2-3.3.1
  - pkg:rpm/suse/icedtea-web&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3 (no CPE), range: < 1.7.2-150100.7.3.1
- IcedTea/icedtea-web (v5), range: affects up to and including 1.7.2 and 1.8.2
References (8)
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html (mitre, vendor-advisory, x_refsource_SUSE)
- security.gentoo.org/glsa/202107-51 (mitre, vendor-advisory, x_refsource_GENTOO)
- packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html (mitre, x_refsource_MISC)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- github.com/AdoptOpenJDK/IcedTea-Web/issues/327 (mitre, x_refsource_CONFIRM)
- github.com/AdoptOpenJDK/IcedTea-Web/pull/344 (mitre, x_refsource_CONFIRM)
- lists.debian.org/debian-lts-announce/2019/09/msg00008.html (mitre, mailing-list, x_refsource_MLIST)
- seclists.org/bugtraq/2019/Oct/5 (mitre, mailing-list, x_refsource_BUGTRAQ)