Published: 08/12/2010 Updated: 04/10/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

IcedTea 1.7.x prior to 1.7.6, 1.8.x prior to 1.8.3, and 1.9.x prior to 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote malicious users to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.

Vendor Advisories

It was discovered that certain system property information was being leaked, which could allow an attacker to obtain sensitive information ...