Test ID:	1.3.6.1.4.1.25623.1.1.2.2021.2384
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for icedtea-web (EulerOS-SA-2021-2384)
Summary:	The remote host is missing an update for the Huawei EulerOS 'icedtea-web' package(s) announced via the EulerOS-SA-2021-2384 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'icedtea-web' package(s) announced via the EulerOS-SA-2021-2384 advisory. Vulnerability Insight: It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.(CVE-2019-10181) Affected Software/OS: 'icedtea-web' package(s) on Huawei EulerOS V2.0SP2. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10181 20191007 CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE https://seclists.org/bugtraq/2019/Oct/5 GLSA-202107-51 https://security.gentoo.org/glsa/202107-51 [debian-lts-announce] 20190909 [SECURITY] [DLA 1914-1] icedtea-web security update https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10181 https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327 https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344 openSUSE-SU-2019:1911 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.