Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2011-0706

Published: 19/02/2011 Updated: 13/02/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Icedtea-web

Vulnerability Summary

The JNLPClassLoader class in IcedTea-Web prior to 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote malicious users to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat icedtea-web 1.0

redhat icedtea-web 1.0.1

sun jdk 1.6.0

Vendor Advisories

Debian Security Advisories: DSA-2224-1 openjdk-6 -- several vulnerabilities
Several security vulnerabilities were discovered in OpenJDK, an implementation of the Java platform CVE-2010-4351 The JNLP SecurityManager returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creati ...
Ubuntu Security Notice: openjdk-6b18 vulnerabilities
OpenJDK 6 Vulnerabilities (armel packages only) ...
Ubuntu Security Notice: openjdk-6b18 vulnerabilities
OpenJDK 6 vulnerabilities in Ubuntu 1010 for armel (ARM) architecture ...
Ubuntu Security Notice: openjdk-6 vulnerabilities
It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM (CVE-2010-4448) ...

References

CWE-264http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.htmlhttp://secunia.com/advisories/43350https://bugzilla.redhat.com/show_bug.cgi?id=677332http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/http://www.securityfocus.com/bid/46439http://www.debian.org/security/2011/dsa-2224http://www.mandriva.com/security/advisories?name=MDVSA-2011:054http://security.gentoo.org/glsa/glsa-201406-32.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/65534https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117https://nvd.nist.govhttps://www.debian.org/security/./dsa-2224https://usn.ubuntu.com/1079-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook