Home

CVE-2019-10182

Description

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.428

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-10181,CVE-2019-10182,CVE-2019-10185 are affected in IcedTea-Web 1.7.2Windows
Vulnerabilities CVE-2019-10181,CVE-2019-10182,CVE-2019-10185 are affected in IcedTea-Web 1.8.2Windows
(RHSA-2019:2003) icedtea-web security update icedtea-web-1.7.1-2.el7_6.x86_64.rpmLinux
(RHSA-2019:2003) icedtea-web security update icedtea-web-devel-1.7.1-2.el7_6.noarch.rpmLinux
(RHSA-2019:2003) icedtea-web security update icedtea-web-javadoc-1.7.1-2.el7_6.noarch.rpmLinux
(RHSA-2019:2004) icedtea-web security update icedtea-web-1.7.1-17.el8_0.noarch.rpmLinux
(RHSA-2019:2004) icedtea-web security update icedtea-web-javadoc-1.7.1-17.el8_0.noarch.rpmLinux
Icedtea-web update (ELSA-2019-2004) icedtea-web-1.7.1-17.el8_0.noarch.rpmLinux
Icedtea-web-javadoc update (ELSA-2019-2004) icedtea-web-javadoc-1.7.1-17.el8_0.noarch.rpmLinux
(CESA-2019:2004) icedtea-web security update icedtea-web-1.7.1-17.el8_0.noarch.rpmLinux
(CESA-2019:2004) icedtea-web security update icedtea-web-javadoc-1.7.1-17.el8_0.noarch.rpmLinux
(CESA-2019:2003) icedtea-web security update icedtea-web-1.7.1-2.el7_6.x86_64.rpmLinux
(RHSA-2019:2003)Important: security update icedtea-web-debuginfo-1.7.1-2.el7_6.x86_64.rpmLinux
Icedtea-web update (ELSA-2019-2003) icedtea-web-1.7.1-2.el7_6.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-322218IcedTea-Web (1.8.8)
PATCH-322218IcedTea-Web (1.8.8)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234