Home > Vulnerability Database > CVE-2010-4351

Mend.io Vulnerability Database

CVE-2010-4351

Date: January 20, 2011

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

Severity Score

5.6

Related Resources (25)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/64893

Url: http://www.securityfocus.com/bid/45894

Url: http://www.zerodayinitiative.com/advisories/ZDI-11-014/

Url: http://security.gentoo.org/glsa/glsa-201406-32.xml

Url: https://access.redhat.com/security/cve/CVE-2010-4351

Url: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html

Url: http://www.ubuntu.com/usn/USN-1055-1

Url: http://www.redhat.com/support/errata/RHSA-2011-0176.html

Url: http://www.ubuntu.com/usn/USN-1052-1

Url: http://www.vupen.com/english/advisories/2011/0239

Url: http://secunia.com/advisories/43078

Url: http://www.debian.org/security/2011/dsa-2224

Url: http://secunia.com/advisories/43002

Url: http://www.vupen.com/english/advisories/2011/0215

Url: http://secunia.com/advisories/43085

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

Url: http://www.vupen.com/english/advisories/2011/0165

Url: http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=663680

Url: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html

Url: http://osvdb.org/70605

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-4351

Url: http://secunia.com/advisories/43135

Url: http://www.vupen.com/english/advisories/2011/0166

Url: https://www.mend.io/vulnerability-database/CVE-2010-4351

Severity Score

5.6

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-4351

Date: January 20, 2011

Severity Score

Related Resources (25)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?