CVSS: 8.1EPSS: 4%CPEs: 4EXPL: 0CVE-2019-10181 – icedtea-web: unsigned code injection in a signed JAR file
https://notcve.org/view.php?id=CVE-2019-10181
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. Se descubrió icedtea-web hasta 1.7.2 y 1.8.2 inclusive con código ejecutable podría ser inyectado en un archivo JAR sin comprometer la verificación de la firma. Un atacante podría usar este defecto para inyectar un código en un archivo JAR seguro. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10181 https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327 https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344 https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html https://seclists.org/bugtraq/2019/Oct/5 https://security.gentoo.org/glsa/2021 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2019-10182 – icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite
https://notcve.org/view.php?id=CVE-2019-10182
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. Se descubrió que icedtea-web, aunque 1.7.2 y 1.8.2 no desinfectaban correctamente las rutas de los elementos en los archivos JNLP. Un atacante podría engañar a una víctima para que ejecute una aplicación especialmente diseñada y usar esta fallo para cargar archivos arbitrarios en ubicaciones arbitrarias en el contexto del usuario. It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182 https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327 https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344 https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html https://seclists.org/bugtraq/2019/Oct/5 https://access.redhat.com/security/cv • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10185 – icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite
https://notcve.org/view.php?id=CVE-2019-10185
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. Se descubrió que icedtea-web hasta 1.7.2 y 1.8.2 inclusive, era vulnerable para un ataque zip slip durante la extracción automática de un archivo JAR. Un atacante podría usar este defecto para escribir archivos a localizaciones arbitrarias. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10185 https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327 https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344 https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html https://seclists.org/bugtraq/2019/Oct/5 https://security.gentoo.org/glsa/2021 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •