IcedTea 1.7 prior to 1.7.8, 1.8 prior to 1.8.5, and 1.9 prior to 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) are signed by multiple entities, which allows remote malicious users to trick users into executing code that appears to come from a trusted source.
Vulnerable Product |
---|
redhat icedtea 1.9.3 |
redhat icedtea 1.8.1 |
redhat icedtea 1.9.4 |
redhat icedtea 1.7.7 |
redhat icedtea 1.7.2 |
redhat icedtea 1.8.3 |
redhat icedtea 1.8 |
redhat icedtea 1.7.3 |
redhat icedtea 1.7.5 |
redhat icedtea 1.8.4 |
redhat icedtea 1.7.4 |
redhat icedtea 1.7.6 |
redhat icedtea 1.8.2 |
redhat icedtea 1.7.1 |
redhat icedtea 1.9.2 |
redhat icedtea 1.9 |
redhat icedtea 1.9.1 |
redhat icedtea 1.7 |