CVE-2019-10181

Published: 31/07/2019 | Updated: 12/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.

Vulnerable Product

icedtea-web project icedtea-web

icedtea-web project icedtea-web 1.8.2

debian debian linux 8.0

opensuse leap 15.0

Vendor Advisories

Debian Bug report logs - #934319 CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Package: src:icedtea-web; Maintainer for src:icedtea-web is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 9 Aug 2019 16:15:05 UTC Severity: grave Tags: s ...
Synopsis: Important: icedtea-web security update. Type/Severity: Security Advisory: Important. Topic: An update for icedtea-web is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: icedtea-web security update. Type/Severity: Security Advisory: Important. Topic: An update for icedtea-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Impact: Moderate | Public Date: 2019-07-31 | CWE: CWE-345 | Bugzilla: 1725928: CVE-2019-10181 icedtea-web: un ...
It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox ...

Mailing Lists

oss-sec mailing list archives: icedtea-web: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 From: Cedric ...

Github Repositories

icedtea-web-vulnerabilities: Hosting proof of concept exploit code of the remote code execution vulnerabilities in the IcedTea-Web Java webstart implementation.

IcedTea-Web: IcedTeaWeb is an open source implementation of JSR-56 that is better known as Java Web Start. It is currently maintained by RedHat and is included into the Windows packages of OpenJDK by default. Three securi