IcedTea 1.7.x prior to 1.7.6, 1.8.x prior to 1.8.3, and 1.9.x prior to 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote malicious users to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat icedtea 1.8 |
||
redhat icedtea 1.8.1 |
||
redhat icedtea 1.8.2 |
||
redhat icedtea 1.9 |
||
redhat icedtea |
||
redhat icedtea 1.5 |
||
redhat icedtea 1.6 |
||
redhat icedtea 1.7 |