CVE-2019-10182 - OpenCVE

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Server Enterprise Linux Server Eus Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server Aus
Icedtea-web Project	Icedtea-web

Configuration 1 [-]

OR	cpe:2.3:a:icedtea-web_project:icedtea-web::::::::
	cpe:2.3:a:icedtea-web_project:icedtea-web:1.8.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html
http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182	Issue Tracking Third Party Advisory
https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327	Patch Third Party Advisory
https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html
https://seclists.org/bugtraq/2019/Oct/5

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2019-07-31T21:52:39

Updated: 2019-10-07T16:06:08

Reserved: 2019-03-27T00:00:00

Link: CVE-2019-10182

JSON object: View

NVD Information

Status : Modified

Published: 2019-07-31T22:15:12.183

Modified: 2023-02-12T23:33:23.813

Link: CVE-2019-10182

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "icedtea-web", "vendor": "IcedTea", "versions": [{"status": "affected", "version": "affects up to and including 1.7.2 and 1.8.2"}]}], "descriptions": [{"lang": "en", "value": "It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-94", "description": "CWE-94", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-07T16:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327"}, {"name": "openSUSE-SU-2019:1911", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html"}, {"name": "[debian-lts-announce] 20190909 [SECURITY] [DLA 1914-1] icedtea-web security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html"}, {"name": "20191007 CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Oct/5"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-10182", "datePublished": "2019-07-31T21:52:39", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2019-10-07T16:06:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:icedtea-web_project:icedtea-web:*:*:*:*:*:*:*:*", "matchCriteriaId": "32F81AF6-462E-46F2-BECE-9400353385DD", "versionEndIncluding": "1.7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:icedtea-web_project:icedtea-web:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "89D3F8CA-CE6A-41C3-AF15-ADA178DBF351", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user."}, {"lang": "es", "value": "Se descubri\u00f3 que icedtea-web, aunque 1.7.2 y 1.8.2 no desinfectaban correctamente las rutas de los elementos en los archivos JNLP. Un atacante podr\u00eda enga\u00f1ar a una v\u00edctima para que ejecute una aplicaci\u00f3n especialmente dise\u00f1ada y usar esta fallo para cargar archivos arbitrarios en ubicaciones arbitrarias en el contexto del usuario."}], "id": "CVE-2019-10182", "lastModified": "2023-02-12T23:33:23.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2019-07-31T22:15:12.183", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html"}, {"source": "secalert@redhat.com", "url": "https://seclists.org/bugtraq/2019/Oct/5"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-94"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Secondary"}]}