CVE-2010-2548

Publication date 17 August 2010

Last updated 24 July 2024

Ubuntu priority

Why this priority?

Cvss 3 Severity Score

Score breakdown

IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
openjdk-6	10.04 LTS lucid	Fixed 6b18-1.8.1-0ubuntu1
	9.10 karmic	Fixed 6b18-1.8.1-0ubuntu1~9.10.1
	9.04 jaunty	Fixed 6b18-1.8.1-0ubuntu1~9.04.1
	8.04 LTS hardy	Fixed 6b18-1.8.1-0ubuntu1~8.04.1
	6.06 LTS dapper	Not in release

Severity score breakdown

Parameter	Value
Base score	9.1 · Critical
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

Related Ubuntu Security Notices (USN)

USN-971-1
OpenJDK vulnerabilities
16 August 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2010-2548