Vulnerabilites related to redhat - icedtea-web
CVE-2012-4540 (GCVE-0-2012-4540)
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:53.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
},
{
"name": "DSA-2768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2768"
},
{
"name": "openSUSE-SU-2015:1595",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
},
{
"name": "56434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56434"
},
{
"name": "RHSA-2012:1434",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
},
{
"name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
},
{
"name": "51220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51220"
},
{
"name": "openSUSE-SU-2013:1511",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
},
{
"name": "icedtea-applet-bo(79894)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
},
{
"name": "51374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51374"
},
{
"name": "1027738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027738"
},
{
"name": "USN-1625-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1625-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
},
{
"name": "openSUSE-SU-2013:1509",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
},
{
"name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
},
{
"name": "51206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51206"
},
{
"name": "openSUSE-SU-2012:1524",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
},
{
"name": "62426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62426"
},
{
"name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
},
{
"name": "MDVSA-2012:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
},
{
"name": "openSUSE-SU-2013:0174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
},
{
"name": "DSA-2768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2768"
},
{
"name": "openSUSE-SU-2015:1595",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
},
{
"name": "56434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56434"
},
{
"name": "RHSA-2012:1434",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
},
{
"name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
},
{
"name": "51220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51220"
},
{
"name": "openSUSE-SU-2013:1511",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
},
{
"name": "icedtea-applet-bo(79894)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
},
{
"name": "51374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51374"
},
{
"name": "1027738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027738"
},
{
"name": "USN-1625-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1625-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
},
{
"name": "openSUSE-SU-2013:1509",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
},
{
"name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
},
{
"name": "51206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51206"
},
{
"name": "openSUSE-SU-2012:1524",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
},
{
"name": "62426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62426"
},
{
"name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
},
{
"name": "MDVSA-2012:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
},
{
"name": "openSUSE-SU-2013:0174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
},
{
"name": "DSA-2768",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2768"
},
{
"name": "openSUSE-SU-2015:1595",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
},
{
"name": "56434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56434"
},
{
"name": "RHSA-2012:1434",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
},
{
"name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
},
{
"name": "51220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51220"
},
{
"name": "openSUSE-SU-2013:1511",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
},
{
"name": "icedtea-applet-bo(79894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
},
{
"name": "51374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51374"
},
{
"name": "1027738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027738"
},
{
"name": "USN-1625-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1625-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=869040",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
},
{
"name": "openSUSE-SU-2013:1509",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
},
{
"name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
},
{
"name": "51206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51206"
},
{
"name": "openSUSE-SU-2012:1524",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
},
{
"name": "62426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62426"
},
{
"name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
},
{
"name": "MDVSA-2012:171",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
},
{
"name": "openSUSE-SU-2013:0174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4540",
"datePublished": "2012-11-11T11:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:42:53.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2514 (GCVE-0-2011-2514)
Vulnerability from cvelistv5
Published
2014-05-14 00:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
},
{
"name": "USN-1178-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1178-1"
},
{
"name": "RHSA-2011:1100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
},
{
"name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
},
{
"name": "1025854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T23:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
},
{
"name": "USN-1178-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1178-1"
},
{
"name": "RHSA-2011:1100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
},
{
"name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
},
{
"name": "1025854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025854"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
},
{
"name": "USN-1178-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1178-1"
},
{
"name": "RHSA-2011:1100",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
},
{
"name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0",
"refsource": "MISC",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388",
"refsource": "MISC",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=718170",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
},
{
"name": "1025854",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025854"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2514",
"datePublished": "2014-05-14T00:00:00",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3422 (GCVE-0-2012-3422)
Vulnerability from cvelistv5
Published
2012-08-07 21:00
Modified
2024-08-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
},
{
"name": "SUSE-SU-2013:0851",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "USN-1521-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"name": "openSUSE-SU-2012:0982",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"name": "SUSE-SU-2013:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "openSUSE-SU-2013:0826",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "openSUSE-SU-2012:0981",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"name": "SUSE-SU-2012:0979",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"name": "openSUSE-SU-2013:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "RHSA-2012:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"name": "50089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-02T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
},
{
"name": "SUSE-SU-2013:0851",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "USN-1521-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"name": "openSUSE-SU-2012:0982",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"name": "SUSE-SU-2013:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "openSUSE-SU-2013:0826",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "openSUSE-SU-2012:0981",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"name": "SUSE-SU-2012:0979",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"name": "openSUSE-SU-2013:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "RHSA-2012:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"name": "50089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=840592",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
},
{
"name": "SUSE-SU-2013:0851",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "USN-1521-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"name": "openSUSE-SU-2012:0982",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"name": "SUSE-SU-2013:1174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "openSUSE-SU-2013:0826",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "openSUSE-SU-2012:0981",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"name": "SUSE-SU-2012:0979",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"name": "openSUSE-SU-2013:0966",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "RHSA-2012:1132",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"name": "50089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3422",
"datePublished": "2012-08-07T21:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3377 (GCVE-0-2011-3377)
Vulnerability from cvelistv5
Published
2014-02-05 19:00
Modified
2024-08-06 23:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
},
{
"name": "RHSA-2011:1441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
},
{
"name": "76940",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/76940"
},
{
"name": "openSUSE-SU-2012:0371",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
},
{
"name": "DSA-2420",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2420"
},
{
"name": "50610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50610"
},
{
"name": "USN-1263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-05T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
},
{
"name": "RHSA-2011:1441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
},
{
"name": "76940",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/76940"
},
{
"name": "openSUSE-SU-2012:0371",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
},
{
"name": "DSA-2420",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2420"
},
{
"name": "50610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50610"
},
{
"name": "USN-1263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=742515",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
},
{
"name": "RHSA-2011:1441",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
},
{
"name": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/",
"refsource": "CONFIRM",
"url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
},
{
"name": "76940",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/76940"
},
{
"name": "openSUSE-SU-2012:0371",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
},
{
"name": "DSA-2420",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2420"
},
{
"name": "50610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50610"
},
{
"name": "USN-1263-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3377",
"datePublished": "2014-02-05T19:00:00",
"dateReserved": "2011-08-30T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3423 (GCVE-0-2012-3423)
Vulnerability from cvelistv5
Published
2012-08-07 21:00
Modified
2024-08-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
},
{
"name": "SUSE-SU-2013:0851",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "USN-1521-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"name": "openSUSE-SU-2012:0982",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
},
{
"name": "SUSE-SU-2013:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "openSUSE-SU-2013:0826",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "openSUSE-SU-2012:0981",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
},
{
"name": "SUSE-SU-2012:0979",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"name": "openSUSE-SU-2013:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "RHSA-2012:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"name": "50089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-02T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
},
{
"name": "SUSE-SU-2013:0851",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "USN-1521-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"name": "openSUSE-SU-2012:0982",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
},
{
"name": "SUSE-SU-2013:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "openSUSE-SU-2013:0826",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "openSUSE-SU-2012:0981",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
},
{
"name": "SUSE-SU-2012:0979",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"name": "openSUSE-SU-2013:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "RHSA-2012:1132",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"name": "50089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"name": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
},
{
"name": "SUSE-SU-2013:0851",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "USN-1521-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"name": "openSUSE-SU-2012:0982",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841345",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
},
{
"name": "SUSE-SU-2013:1174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "openSUSE-SU-2013:0826",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "openSUSE-SU-2012:0981",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
},
{
"name": "SUSE-SU-2012:0979",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"name": "openSUSE-SU-2013:0966",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "RHSA-2012:1132",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"name": "50089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50089"
},
{
"name": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3423",
"datePublished": "2012-08-07T21:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0706 (GCVE-0-2011-0706)
Vulnerability from cvelistv5
Published
2011-02-18 23:00
Modified
2024-08-06 21:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-1631",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "FEDORA-2011-1645",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
},
{
"name": "46439",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46439"
},
{
"name": "icedtea-jnlpclassloader-priv-esc(65534)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
},
{
"name": "43350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43350"
},
{
"name": "DSA-2224",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2224"
},
{
"name": "oval:org.mitre.oval:def:14117",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"
},
{
"name": "MDVSA-2011:054",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2011-1631",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "FEDORA-2011-1645",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
},
{
"name": "46439",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46439"
},
{
"name": "icedtea-jnlpclassloader-priv-esc(65534)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
},
{
"name": "43350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43350"
},
{
"name": "DSA-2224",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2224"
},
{
"name": "oval:org.mitre.oval:def:14117",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"
},
{
"name": "MDVSA-2011:054",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0706",
"datePublished": "2011-02-18T23:00:00",
"dateReserved": "2011-01-31T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6493 (GCVE-0-2013-6493)
Vulnerability from cvelistv5
Published
2014-03-03 16:00
Modified
2024-08-06 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
},
{
"name": "USN-2131-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2131-1"
},
{
"name": "[oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q1/282"
},
{
"name": "57036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57036"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
},
{
"name": "openSUSE-SU-2014:0310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-07T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
},
{
"name": "USN-2131-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2131-1"
},
{
"name": "[oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q1/282"
},
{
"name": "57036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57036"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
},
{
"name": "openSUSE-SU-2014:0310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
},
{
"name": "USN-2131-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2131-1"
},
{
"name": "[oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/282"
},
{
"name": "57036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57036"
},
{
"name": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
},
{
"name": "openSUSE-SU-2014:0310",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6493",
"datePublished": "2014-03-03T16:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1926 (GCVE-0-2013-1926)
Vulnerability from cvelistv5
Published
2013-04-29 22:00
Modified
2024-08-06 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92543",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92543"
},
{
"name": "SUSE-SU-2013:0851",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "openSUSE-SU-2013:0897",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
},
{
"name": "icedtea-cve20131940-security-bypass(83642)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
},
{
"name": "MDVSA-2013:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
},
{
"name": "SUSE-SU-2013:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "53109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
},
{
"name": "openSUSE-SU-2013:0826",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "openSUSE-SU-2013:0735",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
},
{
"name": "53117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53117"
},
{
"name": "RHSA-2013:0753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
},
{
"name": "openSUSE-SU-2013:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
},
{
"name": "USN-1804-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1804-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
},
{
"name": "59281",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59281"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
},
{
"name": "openSUSE-SU-2013:0715",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
},
{
"name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "92543",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92543"
},
{
"name": "SUSE-SU-2013:0851",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "openSUSE-SU-2013:0897",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
},
{
"name": "icedtea-cve20131940-security-bypass(83642)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
},
{
"name": "MDVSA-2013:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
},
{
"name": "SUSE-SU-2013:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "53109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
},
{
"name": "openSUSE-SU-2013:0826",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "openSUSE-SU-2013:0735",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
},
{
"name": "53117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53117"
},
{
"name": "RHSA-2013:0753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
},
{
"name": "openSUSE-SU-2013:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
},
{
"name": "USN-1804-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1804-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
},
{
"name": "59281",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59281"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
},
{
"name": "openSUSE-SU-2013:0715",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
},
{
"name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92543",
"refsource": "OSVDB",
"url": "http://osvdb.org/92543"
},
{
"name": "SUSE-SU-2013:0851",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "openSUSE-SU-2013:0897",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
},
{
"name": "icedtea-cve20131940-security-bypass(83642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
},
{
"name": "MDVSA-2013:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
},
{
"name": "SUSE-SU-2013:1174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "53109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53109"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
},
{
"name": "openSUSE-SU-2013:0826",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "openSUSE-SU-2013:0735",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
},
{
"name": "53117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53117"
},
{
"name": "RHSA-2013:0753",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
},
{
"name": "openSUSE-SU-2013:0966",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
},
{
"name": "USN-1804-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1804-1"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
},
{
"name": "59281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59281"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123",
"refsource": "MISC",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
},
{
"name": "openSUSE-SU-2013:0715",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916774",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
},
{
"name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1926",
"datePublished": "2013-04-29T22:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1927 (GCVE-0-2013-1927)
Vulnerability from cvelistv5
Published
2013-04-29 22:00
Modified
2024-08-06 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92544",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92544"
},
{
"name": "SUSE-SU-2013:0851",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "openSUSE-SU-2013:0897",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
},
{
"name": "MDVSA-2013:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
},
{
"name": "SUSE-SU-2013:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "53109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53109"
},
{
"name": "openSUSE-SU-2013:0826",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "59286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59286"
},
{
"name": "icedtea-cve20131927-sec-bypass(83640)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
},
{
"name": "openSUSE-SU-2013:0735",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
},
{
"name": "53117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
},
{
"name": "RHSA-2013:0753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
},
{
"name": "openSUSE-SU-2013:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "USN-1804-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1804-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
},
{
"name": "openSUSE-SU-2013:0715",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
},
{
"name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "92544",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92544"
},
{
"name": "SUSE-SU-2013:0851",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "openSUSE-SU-2013:0897",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
},
{
"name": "MDVSA-2013:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
},
{
"name": "SUSE-SU-2013:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "53109",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53109"
},
{
"name": "openSUSE-SU-2013:0826",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "59286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59286"
},
{
"name": "icedtea-cve20131927-sec-bypass(83640)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
},
{
"name": "openSUSE-SU-2013:0735",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
},
{
"name": "53117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
},
{
"name": "RHSA-2013:0753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
},
{
"name": "openSUSE-SU-2013:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "USN-1804-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1804-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
},
{
"name": "openSUSE-SU-2013:0715",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
},
{
"name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92544",
"refsource": "OSVDB",
"url": "http://osvdb.org/92544"
},
{
"name": "SUSE-SU-2013:0851",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "openSUSE-SU-2013:0897",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
},
{
"name": "MDVSA-2013:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
},
{
"name": "SUSE-SU-2013:1174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "53109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53109"
},
{
"name": "openSUSE-SU-2013:0826",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "59286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59286"
},
{
"name": "icedtea-cve20131927-sec-bypass(83640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
},
{
"name": "openSUSE-SU-2013:0735",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
},
{
"name": "53117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53117"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
},
{
"name": "RHSA-2013:0753",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
},
{
"name": "openSUSE-SU-2013:0966",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "USN-1804-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1804-1"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123",
"refsource": "MISC",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
},
{
"name": "openSUSE-SU-2013:0715",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=884705",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
},
{
"name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1927",
"datePublished": "2013-04-29T22:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2513 (GCVE-0-2011-2513)
Vulnerability from cvelistv5
Published
2014-05-14 00:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
},
{
"name": "USN-1178-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1178-1"
},
{
"name": "RHSA-2011:1100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
},
{
"name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
},
{
"name": "1025854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T23:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
},
{
"name": "USN-1178-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1178-1"
},
{
"name": "RHSA-2011:1100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
},
{
"name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
},
{
"name": "1025854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04",
"refsource": "MISC",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
},
{
"name": "USN-1178-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1178-1"
},
{
"name": "RHSA-2011:1100",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
},
{
"name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227",
"refsource": "MISC",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
},
{
"name": "1025854",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025854"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=718164",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2513",
"datePublished": "2014-05-14T00:00:00",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-05-14 00:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0 | ||
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388 | ||
| secalert@redhat.com | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html | ||
| secalert@redhat.com | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html | Patch, Vendor Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1100.html | ||
| secalert@redhat.com | http://securitytracker.com/id?1025854 | ||
| secalert@redhat.com | http://ubuntu.com/usn/usn-1178-1 | Patch | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=718170 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1100.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025854 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ubuntu.com/usn/usn-1178-1 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=718170 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | icedtea-web | * | |
| redhat | icedtea-web | 1.0 | |
| redhat | icedtea-web | 1.0.1 | |
| redhat | icedtea-web | 1.0.2 | |
| redhat | icedtea-web | 1.1 | |
| redhat | icedtea6 | * | |
| redhat | icedtea6 | 1.8 | |
| redhat | icedtea6 | 1.8.1 | |
| redhat | icedtea6 | 1.8.2 | |
| redhat | icedtea6 | 1.8.3 | |
| redhat | icedtea6 | 1.8.4 | |
| redhat | icedtea6 | 1.8.5 | |
| redhat | icedtea6 | 1.8.6 | |
| redhat | icedtea6 | 1.8.7 | |
| redhat | icedtea6 | 1.9.1 | |
| redhat | icedtea6 | 1.9.2 | |
| redhat | icedtea6 | 1.9.3 | |
| redhat | icedtea6 | 1.9.4 | |
| redhat | icedtea6 | 1.9.5 | |
| redhat | icedtea6 | 1.9.6 | |
| redhat | icedtea6 | 1.9.7 | |
| redhat | icedtea6 | 1.9.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AAB67E-694C-4742-9597-E2DFBD78CE99",
"versionEndIncluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B24564-AA45-4A26-BB3D-8C9B8DF8EBD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0882F9F6-0C78-472E-82B2-0DCD3909EBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6E633C-EFF2-45E0-A406-9E44CA31B346",
"versionEndIncluding": "1.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7DC2DA-216C-4A82-92AF-13F6AAA40BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB74C024-F874-497B-9639-0B445F4E2E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A71A24-1102-4959-ADBD-2847A58F396F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A7D423-B883-4533-B1E6-F8A9DE6CD7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E6C436-3EA7-43AF-B3A2-18CF85D19C83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7A83AA-16D8-4B8F-8E97-BAA4C1391180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D315C62C-C17B-4D0B-A899-B9A6C7E625C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8A2C7F-16C7-48D0-AE1B-4888D7AFCEF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C4F4DD-08B3-4B0D-BBD7-4192194BD305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "154BA32F-A747-4C84-8E8B-6D0D41310754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08851A2-465E-43EC-B28B-2A740207ABC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6977AFED-2DA4-43C0-8721-9A2F3D16B353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D00AA688-C5CE-4664-AF62-9ADB9BC0BF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "98934B23-304B-4B8E-B55E-71A711F066AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "76B0B4EC-CD60-4042-B23A-0AAF9969AD6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3F4CAF-63D5-44DF-B4ED-71C3CF49F91C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Java Network Launching Protocol (JNLP) en IcedTea6 1.9.x anterior a 1.9.9 y anterior a 1.8.9 y IcedTea-Web 1.1.x anterior a 1.1.1 y anterior a 1.0.4, permite a atacantes remotos enga\u00f1ar a usuarios para hacerles conceder el acceso a archivos locales mediante la modificaci\u00f3n del contenido del cuadro de di\u00e1logo Java Web Start Security Warning para que represente un nombre de archivo diferente al archivo para que acceso ser\u00e1 concedido."
}
],
"id": "CVE-2011-2514",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-14T00:55:04.460",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
},
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
},
{
"source": "secalert@redhat.com",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1025854"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://ubuntu.com/usn/usn-1178-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://ubuntu.com/usn/usn-1178-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-29 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS | ||
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586 | ||
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html | ||
| secalert@redhat.com | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html | ||
| secalert@redhat.com | http://osvdb.org/92543 | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2013-0753.html | ||
| secalert@redhat.com | http://secunia.com/advisories/53109 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/53117 | Vendor Advisory | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2013:146 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/59281 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1804-1 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=916774 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/83642 | ||
| secalert@redhat.com | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/92543 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-0753.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/53109 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/53117 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:146 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/59281 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1804-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=916774 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/83642 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | icedtea-web | * | |
| redhat | icedtea-web | 1.0 | |
| redhat | icedtea-web | 1.0.1 | |
| redhat | icedtea-web | 1.0.2 | |
| redhat | icedtea-web | 1.0.3 | |
| redhat | icedtea-web | 1.0.4 | |
| redhat | icedtea-web | 1.0.5 | |
| redhat | icedtea-web | 1.0.6 | |
| redhat | icedtea-web | 1.1 | |
| redhat | icedtea-web | 1.1.1 | |
| redhat | icedtea-web | 1.1.2 | |
| redhat | icedtea-web | 1.1.3 | |
| redhat | icedtea-web | 1.1.4 | |
| redhat | icedtea-web | 1.1.5 | |
| redhat | icedtea-web | 1.1.6 | |
| redhat | icedtea-web | 1.1.7 | |
| redhat | icedtea-web | 1.2 | |
| redhat | icedtea-web | 1.2.1 | |
| redhat | icedtea-web | 1.3 | |
| redhat | icedtea-web | 1.3.1 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| opensuse | opensuse | 12.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7482A659-70CA-48A9-A0B8-53C7347B149A",
"versionEndIncluding": "1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B24564-AA45-4A26-BB3D-8C9B8DF8EBD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0882F9F6-0C78-472E-82B2-0DCD3909EBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2BD3A8-D9E9-46E7-AEC9-B5511A10C472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8C118E-EF65-448B-940F-9892C59013DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "042B0E43-92C9-42F3-B6F3-7AE3F044FB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEB4704-9DA1-4034-B81C-9D1522CE776B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD91C17-3187-4150-A77A-A012D2A74AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08431724-45B6-48A3-BEA4-94F9BC27B5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D798F99B-D6C3-48B8-B186-C4B2B542D246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1F9B53-6560-4F57-9E16-552D0C12A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C5A2C3-69B0-476E-82AA-A0F86D7D01CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4615F0-3544-433D-9B2B-2FD6A2D602E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7378E908-4CE5-43F4-A027-AAF70071638E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBB2D9F-F217-43BE-8E92-22B1A2186128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5D8436-437C-4ED0-A891-F9614225E1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3808-04EC-41A7-861D-3A8AB9C2AD03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "409A056E-75B5-4092-BB84-295AF2637CFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet."
},
{
"lang": "es",
"value": "El plugin IcedTea-Web antes de v1.2.3 y v1.3.x antes v1.3.2 utiliza el mismo cargador de clases de applets con la misma ruta de c\u00f3digo base pero desde diferentes \u00e1mbitos, lo que permite a atacantes remotos obtener informaci\u00f3n sensible o posiblemente alterar otros applets a trav\u00e9s de un applet creado para este fin."
}
],
"evaluatorImpact": "Per http://www.ubuntu.com/usn/USN-1804-1/ \"A security issue affects these releases of Ubuntu and its derivatives:\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\r\n Ubuntu 10.04 LTS\"\r\n\r\nPer http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html\r\n\"Affected Products:\r\nopenSUSE 12.2\"",
"id": "CVE-2013-1926",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-29T22:55:08.297",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
},
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
},
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"source": "secalert@redhat.com",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/92543"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53109"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53117"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/59281"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1804-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
},
{
"source": "secalert@redhat.com",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/92543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/59281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1804-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-14 00:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04 | ||
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227 | ||
| secalert@redhat.com | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html | Vendor Advisory | |
| secalert@redhat.com | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html | Patch | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1100.html | ||
| secalert@redhat.com | http://securitytracker.com/id?1025854 | ||
| secalert@redhat.com | http://ubuntu.com/usn/usn-1178-1 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=718164 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1100.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025854 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ubuntu.com/usn/usn-1178-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=718164 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | icedtea-web | * | |
| redhat | icedtea-web | 1.0 | |
| redhat | icedtea-web | 1.0.1 | |
| redhat | icedtea-web | 1.0.2 | |
| redhat | icedtea-web | 1.1 | |
| redhat | icedtea6 | * | |
| redhat | icedtea6 | 1.8 | |
| redhat | icedtea6 | 1.8.1 | |
| redhat | icedtea6 | 1.8.2 | |
| redhat | icedtea6 | 1.8.3 | |
| redhat | icedtea6 | 1.8.4 | |
| redhat | icedtea6 | 1.8.5 | |
| redhat | icedtea6 | 1.8.6 | |
| redhat | icedtea6 | 1.8.7 | |
| redhat | icedtea6 | 1.9.1 | |
| redhat | icedtea6 | 1.9.2 | |
| redhat | icedtea6 | 1.9.3 | |
| redhat | icedtea6 | 1.9.4 | |
| redhat | icedtea6 | 1.9.5 | |
| redhat | icedtea6 | 1.9.6 | |
| redhat | icedtea6 | 1.9.7 | |
| redhat | icedtea6 | 1.9.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AAB67E-694C-4742-9597-E2DFBD78CE99",
"versionEndIncluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B24564-AA45-4A26-BB3D-8C9B8DF8EBD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0882F9F6-0C78-472E-82B2-0DCD3909EBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6E633C-EFF2-45E0-A406-9E44CA31B346",
"versionEndIncluding": "1.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7DC2DA-216C-4A82-92AF-13F6AAA40BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB74C024-F874-497B-9639-0B445F4E2E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A71A24-1102-4959-ADBD-2847A58F396F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A7D423-B883-4533-B1E6-F8A9DE6CD7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E6C436-3EA7-43AF-B3A2-18CF85D19C83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7A83AA-16D8-4B8F-8E97-BAA4C1391180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D315C62C-C17B-4D0B-A899-B9A6C7E625C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8A2C7F-16C7-48D0-AE1B-4888D7AFCEF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C4F4DD-08B3-4B0D-BBD7-4192194BD305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "154BA32F-A747-4C84-8E8B-6D0D41310754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08851A2-465E-43EC-B28B-2A740207ABC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6977AFED-2DA4-43C0-8721-9A2F3D16B353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D00AA688-C5CE-4664-AF62-9ADB9BC0BF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "98934B23-304B-4B8E-B55E-71A711F066AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "76B0B4EC-CD60-4042-B23A-0AAF9969AD6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3F4CAF-63D5-44DF-B4ED-71C3CF49F91C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader."
},
{
"lang": "es",
"value": "La implementaci\u00f3n Java Network Launching Protocol (JNLP) en IcedTea6 1.9.x anterior a 1.9.9 y anterior a 1.8.9 y IcedTea-Web 1.1.x anterior a 1.1.1 y anterior a 1.0.4, permite a atacantes remotos obtener el nombre de usuario y ruta completa de los directorios de home y cach\u00e9 al acceder a propiedades del ClassLoader."
}
],
"id": "CVE-2011-2513",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-14T00:55:04.383",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
},
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1025854"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1178-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1178-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-19 01:00
Modified
2025-04-11 00:51
Severity ?
Summary
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/ | Patch | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html | ||
| secalert@redhat.com | http://secunia.com/advisories/43350 | Vendor Advisory | |
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201406-32.xml | ||
| secalert@redhat.com | http://www.debian.org/security/2011/dsa-2224 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/46439 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=677332 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/65534 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/ | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43350 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201406-32.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2224 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/46439 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=677332 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/65534 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | icedtea-web | 1.0 | |
| redhat | icedtea-web | 1.0 | |
| redhat | icedtea-web | 1.0.1 | |
| sun | jdk | 1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:pre:*:*:*:*:*:*",
"matchCriteriaId": "81421B64-64A3-4339-80CB-95BBDFB5C894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:pre:*:*:*:*:*:*",
"matchCriteriaId": "12C72453-AFA2-4AD7-B13F-DF01409B0459",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A4FEC7-A4A0-4B5C-A56C-8F80AE19865E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""
},
{
"lang": "es",
"value": "La clase JNLPClassLoader en IcedTea-Web anterior a versi\u00f3n 1.0.1, tal y como es usado en OpenJDK Runtime Environment versi\u00f3n 1.6.0, permite a los atacantes remotos alcanzar privilegios por medio de vectores desconocidos relacionados con varios firmantes y la asignaci\u00f3n de \"an inappropriate security descriptor\u201d."
}
],
"id": "CVE-2011-0706",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-19T01:00:03.277",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43350"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2224"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/46439"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-07 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1132.html | ||
| secalert@redhat.com | http://secunia.com/advisories/50089 | Vendor Advisory | |
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201406-32.xml | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1521-1 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=840592 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1132.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50089 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201406-32.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1521-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=840592 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | icedtea-web | * | |
| redhat | icedtea-web | 1.0 | |
| redhat | icedtea-web | 1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "778D356B-5415-49CD-8005-DFC6116C0336",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read."
},
{
"lang": "es",
"value": "La funci\u00f3n getFirstInTableInstance en el complemento IcedTea-Web anteior a v1.2.1 devuelve un puntero no inicializado cuando el hash instance_to_id_map est\u00e1 vac\u00edo, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo mediante una p\u00e1gina Web manipulada, lo que provoca una lectura de una posici\u00f3n de memoria no inicializada."
}
],
"id": "CVE-2012-3422",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-07T21:55:01.717",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50089"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2025-04-11 00:51
Severity ?
Summary
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS | ||
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f | ||
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html | ||
| secalert@redhat.com | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html | ||
| secalert@redhat.com | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1434.html | ||
| secalert@redhat.com | http://secunia.com/advisories/51206 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/51220 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/51374 | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201406-32.xml | ||
| secalert@redhat.com | http://www.debian.org/security/2013/dsa-2768 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2012:171 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/11/07/5 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/56434 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/62426 | ||
| secalert@redhat.com | http://www.securitytracker.com/id?1027738 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1625-1 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1007960 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=869040 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/79894 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1434.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/51206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/51220 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/51374 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201406-32.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2768 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:171 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/11/07/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56434 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/62426 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1625-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1007960 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=869040 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/79894 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 | |
| redhat | icedtea-web | 1.1 | |
| redhat | icedtea-web | 1.1.1 | |
| redhat | icedtea-web | 1.1.2 | |
| redhat | icedtea-web | 1.1.3 | |
| redhat | icedtea-web | 1.1.4 | |
| redhat | icedtea-web | 1.1.5 | |
| redhat | icedtea-web | 1.1.6 | |
| redhat | icedtea-web | 1.2 | |
| redhat | icedtea-web | 1.2.1 | |
| redhat | icedtea-web | 1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD91C17-3187-4150-A77A-A012D2A74AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08431724-45B6-48A3-BEA4-94F9BC27B5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D798F99B-D6C3-48B8-B186-C4B2B542D246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1F9B53-6560-4F57-9E16-552D0C12A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C5A2C3-69B0-476E-82AA-A0F86D7D01CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4615F0-3544-433D-9B2B-2FD6A2D602E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBB2D9F-F217-43BE-8E92-22B1A2186128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5D8436-437C-4ED0-A891-F9614225E1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3808-04EC-41A7-861D-3A8AB9C2AD03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one."
},
{
"lang": "es",
"value": "Error off-by-one en la funci\u00f3n de invoke en IcedTeaScriptablePluginObject.cc en IcedTea-Web v1.1.x antes de v1.1.7, v1.2.x antes de v1.2.2, y v1.3.x antes de v1.3.1, permite a atacantes remotos obtener informaci\u00f3n sensible, provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una p\u00e1gina web dise\u00f1ada que provoca un desbordamiento de b\u00fafer basado en memoria din\u00e1mica, en relaci\u00f3n con un mensaje de error y un \"evento desencadenante unido a applet.\""
}
],
"id": "CVE-2012-4540",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-11T13:00:54.073",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
},
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
},
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
},
{
"source": "secalert@redhat.com",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
},
{
"source": "secalert@redhat.com",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51206"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51220"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/51374"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2768"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/56434"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/62426"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1027738"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1625-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1625-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-05 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/ | Patch, Vendor Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1441.html | ||
| secalert@redhat.com | http://www.debian.org/security/2012/dsa-2420 | ||
| secalert@redhat.com | http://www.osvdb.org/76940 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/50610 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1263-1 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=742515 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1441.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2420 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/76940 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/50610 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1263-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=742515 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | icedtea-web | 1.0 | |
| redhat | icedtea-web | 1.0.1 | |
| redhat | icedtea-web | 1.0.2 | |
| redhat | icedtea-web | 1.0.3 | |
| redhat | icedtea-web | 1.0.4 | |
| redhat | icedtea-web | 1.0.5 | |
| redhat | icedtea-web | 1.1 | |
| redhat | icedtea-web | 1.1.1 | |
| redhat | icedtea-web | 1.1.2 | |
| redhat | icedtea-web | 1.1.3 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 | |
| canonical | ubuntu_linux | 11.04 | |
| canonical | ubuntu_linux | 11.10 | |
| opensuse | opensuse | 12.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B24564-AA45-4A26-BB3D-8C9B8DF8EBD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0882F9F6-0C78-472E-82B2-0DCD3909EBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2BD3A8-D9E9-46E7-AEC9-B5511A10C472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8C118E-EF65-448B-940F-9892C59013DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "042B0E43-92C9-42F3-B6F3-7AE3F044FB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD91C17-3187-4150-A77A-A012D2A74AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08431724-45B6-48A3-BEA4-94F9BC27B5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D798F99B-D6C3-48B8-B186-C4B2B542D246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain."
},
{
"lang": "es",
"value": "El plug-in de navegador web en IcedTea-Web 1.0.x anterior a 1.0.6 y 1.1.x anterior a 1.1.4, permite a atacantes remotos evadir el Same Origin Policy (SOP) y ejecutar script arbitrario o establecer conexiones de red hacia hosts no deseados a trav\u00e9s de un applet cuyo origen tiene el mismo dominio de segundo nivel, pero un sub-dominio diferente que el dominio objetivo."
}
],
"id": "CVE-2011-3377",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-05T19:55:28.607",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2420"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/76940"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/50610"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/76940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/50610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-07 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518 | ||
| secalert@redhat.com | http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863 | Vendor Advisory | |
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS | ||
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9 | Exploit, Patch | |
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076 | Exploit, Patch | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1132.html | ||
| secalert@redhat.com | http://secunia.com/advisories/50089 | Vendor Advisory | |
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201406-32.xml | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1521-1 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=841345 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1132.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/50089 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201406-32.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1521-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=841345 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | icedtea-web | * | |
| redhat | icedtea-web | 1.0 | |
| redhat | icedtea-web | 1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "778D356B-5415-49CD-8005-DFC6116C0336",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet."
},
{
"lang": "es",
"value": "El complemento IcedTea-Web anterior a v1.2.1 no maneja adecuadamente los (NPVariant) (NPStrings) sin terminadores NUL, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda), obtener informaci\u00f3n sensible de la memoria, o ejecutar c\u00f3digo arbitrario a trav\u00e9s de un (applet) de Java manipulado."
}
],
"id": "CVE-2012-3423",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-07T21:55:01.780",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
},
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50089"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-03 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a | Exploit, Patch | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html | ||
| secalert@redhat.com | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html | ||
| secalert@redhat.com | http://seclists.org/oss-sec/2014/q1/282 | ||
| secalert@redhat.com | http://secunia.com/advisories/57036 | Vendor Advisory | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-2131-1 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1010958 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q1/282 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57036 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2131-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1010958 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | icedtea-web | * | |
| redhat | icedtea-web | 1.0.1 | |
| redhat | icedtea-web | 1.0.2 | |
| redhat | icedtea-web | 1.0.3 | |
| redhat | icedtea-web | 1.0.4 | |
| redhat | icedtea-web | 1.0.5 | |
| redhat | icedtea-web | 1.0.6 | |
| redhat | icedtea-web | 1.1 | |
| redhat | icedtea-web | 1.1.1 | |
| redhat | icedtea-web | 1.1.2 | |
| redhat | icedtea-web | 1.1.3 | |
| redhat | icedtea-web | 1.1.4 | |
| redhat | icedtea-web | 1.1.5 | |
| redhat | icedtea-web | 1.1.6 | |
| redhat | icedtea-web | 1.1.7 | |
| redhat | icedtea-web | 1.2 | |
| redhat | icedtea-web | 1.2.1 | |
| redhat | icedtea-web | 1.2.2 | |
| redhat | icedtea-web | 1.3 | |
| redhat | icedtea-web | 1.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "278B7C80-1434-4F5B-917B-5526C1B27872",
"versionEndIncluding": "1.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B24564-AA45-4A26-BB3D-8C9B8DF8EBD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0882F9F6-0C78-472E-82B2-0DCD3909EBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2BD3A8-D9E9-46E7-AEC9-B5511A10C472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8C118E-EF65-448B-940F-9892C59013DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "042B0E43-92C9-42F3-B6F3-7AE3F044FB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEB4704-9DA1-4034-B81C-9D1522CE776B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD91C17-3187-4150-A77A-A012D2A74AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08431724-45B6-48A3-BEA4-94F9BC27B5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D798F99B-D6C3-48B8-B186-C4B2B542D246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1F9B53-6560-4F57-9E16-552D0C12A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C5A2C3-69B0-476E-82AA-A0F86D7D01CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4615F0-3544-433D-9B2B-2FD6A2D602E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7378E908-4CE5-43F4-A027-AAF70071638E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBB2D9F-F217-43BE-8E92-22B1A2186128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5D8436-437C-4ED0-A891-F9614225E1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34F3F5C9-6E19-4CD5-A4D3-F7B2CA1A6402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3808-04EC-41A7-861D-3A8AB9C2AD03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "409A056E-75B5-4092-BB84-295AF2637CFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp."
},
{
"lang": "es",
"value": "La implementaci\u00f3n LiveConnect en plugin/icedteanp/IcedTeaNPPlugin.cc en IcedTea-Web anterior a 1.4.2 permite a usuarios locales leer los mensajes entre un Applet Java y un navegador de web mediante la precreaci\u00f3n de un archivo de socket temporal con un nombre predecible en /tmp."
}
],
"id": "CVE-2013-6493",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-03T16:55:04.240",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
},
{
"source": "secalert@redhat.com",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2014/q1/282"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57036"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2131-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q1/282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2131-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-29 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS | ||
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e | ||
| secalert@redhat.com | http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8 | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html | ||
| secalert@redhat.com | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html | ||
| secalert@redhat.com | http://osvdb.org/92544 | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2013-0753.html | ||
| secalert@redhat.com | http://secunia.com/advisories/53109 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/53117 | Vendor Advisory | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2013:146 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/59286 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1804-1 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=884705 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/83640 | ||
| secalert@redhat.com | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/92544 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-0753.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/53109 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/53117 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:146 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/59286 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1804-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=884705 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/83640 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | icedtea-web | * | |
| redhat | icedtea-web | 1.0 | |
| redhat | icedtea-web | 1.0.1 | |
| redhat | icedtea-web | 1.0.2 | |
| redhat | icedtea-web | 1.0.3 | |
| redhat | icedtea-web | 1.0.4 | |
| redhat | icedtea-web | 1.0.5 | |
| redhat | icedtea-web | 1.0.6 | |
| redhat | icedtea-web | 1.1 | |
| redhat | icedtea-web | 1.1.1 | |
| redhat | icedtea-web | 1.1.2 | |
| redhat | icedtea-web | 1.1.3 | |
| redhat | icedtea-web | 1.1.4 | |
| redhat | icedtea-web | 1.1.5 | |
| redhat | icedtea-web | 1.1.6 | |
| redhat | icedtea-web | 1.1.7 | |
| redhat | icedtea-web | 1.2 | |
| redhat | icedtea-web | 1.2.1 | |
| redhat | icedtea-web | 1.3 | |
| redhat | icedtea-web | 1.3.1 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| opensuse | opensuse | 12.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7482A659-70CA-48A9-A0B8-53C7347B149A",
"versionEndIncluding": "1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B24564-AA45-4A26-BB3D-8C9B8DF8EBD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0882F9F6-0C78-472E-82B2-0DCD3909EBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2BD3A8-D9E9-46E7-AEC9-B5511A10C472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8C118E-EF65-448B-940F-9892C59013DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "042B0E43-92C9-42F3-B6F3-7AE3F044FB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEB4704-9DA1-4034-B81C-9D1522CE776B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD91C17-3187-4150-A77A-A012D2A74AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08431724-45B6-48A3-BEA4-94F9BC27B5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D798F99B-D6C3-48B8-B186-C4B2B542D246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1F9B53-6560-4F57-9E16-552D0C12A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C5A2C3-69B0-476E-82AA-A0F86D7D01CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4615F0-3544-433D-9B2B-2FD6A2D602E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7378E908-4CE5-43F4-A027-AAF70071638E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBB2D9F-F217-43BE-8E92-22B1A2186128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5D8436-437C-4ED0-A891-F9614225E1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E71F3808-04EC-41A7-861D-3A8AB9C2AD03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:icedtea-web:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "409A056E-75B5-4092-BB84-295AF2637CFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\""
},
{
"lang": "es",
"value": "El plugin IcedTea-Web antes de v1.2.3 y v1.3.x antes de v1.3.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo creado para tal fin que valida tanto como archivo GIF y archivo JAR de Java, tambi\u00e9n conocido como archivo \"GIFAR.\""
}
],
"evaluatorImpact": "Per http://www.ubuntu.com/usn/USN-1804-1/ \"A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS\" Per http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html \"Affected Products: openSUSE 12.2\"",
"id": "CVE-2013-1927",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-29T22:55:08.387",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
},
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
},
{
"source": "secalert@redhat.com",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"source": "secalert@redhat.com",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/92544"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53109"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53117"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/59286"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1804-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
},
{
"source": "secalert@redhat.com",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/92544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/59286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1804-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}