Home

CVE-2019-10181

Description

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.217

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-10181,CVE-2019-10182,CVE-2019-10185 are affected in IcedTea-Web 1.7.2Windows
Vulnerabilities CVE-2019-10181,CVE-2019-10182,CVE-2019-10185 are affected in IcedTea-Web 1.8.2Windows
(RHSA-2019:2003) icedtea-web security update icedtea-web-1.7.1-2.el7_6.x86_64.rpmLinux
(RHSA-2019:2003) icedtea-web security update icedtea-web-devel-1.7.1-2.el7_6.noarch.rpmLinux
(RHSA-2019:2003) icedtea-web security update icedtea-web-javadoc-1.7.1-2.el7_6.noarch.rpmLinux
(RHSA-2019:2004) icedtea-web security update icedtea-web-1.7.1-17.el8_0.noarch.rpmLinux
(RHSA-2019:2004) icedtea-web security update icedtea-web-javadoc-1.7.1-17.el8_0.noarch.rpmLinux
Icedtea-web update (ELSA-2019-2004) icedtea-web-1.7.1-17.el8_0.noarch.rpmLinux
Icedtea-web-javadoc update (ELSA-2019-2004) icedtea-web-javadoc-1.7.1-17.el8_0.noarch.rpmLinux
(CESA-2019:2004) icedtea-web security update icedtea-web-1.7.1-17.el8_0.noarch.rpmLinux
(CESA-2019:2004) icedtea-web security update icedtea-web-javadoc-1.7.1-17.el8_0.noarch.rpmLinux
(CESA-2019:2003) icedtea-web security update icedtea-web-1.7.1-2.el7_6.x86_64.rpmLinux
(RHSA-2019:2003)Important: security update icedtea-web-debuginfo-1.7.1-2.el7_6.x86_64.rpmLinux
Icedtea-web update (ELSA-2019-2003) icedtea-web-1.7.1-2.el7_6.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-322218IcedTea-Web (1.8.8)
PATCH-322218IcedTea-Web (1.8.8)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234