CVE-2010-4351

N/A Unknown

Published: January 20, 2011 Modified: April 29, 2026

Description

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html

Source: secalert@redhat.com

http://osvdb.org/70605

Source: secalert@redhat.com

http://secunia.com/advisories/43002

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/43078

Source: secalert@redhat.com

http://secunia.com/advisories/43085

Source: secalert@redhat.com

http://secunia.com/advisories/43135

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201406-32.xml

Source: secalert@redhat.com

http://www.debian.org/security/2011/dsa-2224

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2011-0176.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/45894

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1052-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1055-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0165

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0166

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0215

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0239

Source: secalert@redhat.com

http://www.zerodayinitiative.com/advisories/ZDI-11-014/

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=663680

Source: secalert@redhat.com

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/64893

Source: secalert@redhat.com

http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/70605

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43002

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43078

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43085

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43135

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201406-32.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2224

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2011-0176.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45894

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1052-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1055-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0165

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0166

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0215

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0239

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-11-014/

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=663680

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/64893

Source: af854a3a-2127-422b-91ae-364da2661108

44 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

2.5%

83th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

redhat sun

Related CVEs

CVE-2026-40941 N/A

CVE-2026-40084 6.5

CVE-2026-40083 7.2

CVE-2026-40082 5.4

CVE-2026-40080 6.1