Published: 14/05/2014 Updated: 25/06/2014

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x prior to 1.9.9 and prior to 1.8.9, and IcedTea-Web 1.1.x prior to 1.1.1 and prior to 1.0.4, allows remote malicious users to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat icedtea-web 1.1
redhat icedtea-web
redhat icedtea-web 1.0.2
redhat icedtea-web 1.0.1
redhat icedtea-web 1.0
redhat icedtea6 1.8.5
redhat icedtea6 1.8.4
redhat icedtea6 1.8.3
redhat icedtea6 1.8.2
redhat icedtea6 1.9.4
redhat icedtea6 1.9.5
redhat icedtea6 1.9.6
redhat icedtea6 1.9.7
redhat icedtea6 1.9.1
redhat icedtea6 1.9.3
redhat icedtea6 1.9.8
redhat icedtea6 1.8.7
redhat icedtea6 1.8
redhat icedtea6 1.9.2
redhat icedtea6
redhat icedtea6 1.8.6
redhat icedtea6 1.8.1

An attacker could discover a user’s name or confuse a user into granting unintended access to files ...

CWE-200 http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227 http://ubuntu.com/usn/usn-1178-1 http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04 http://securitytracker.com/id?1025854 https://bugzilla.redhat.com/show_bug.cgi?id=718164 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html http://rhn.redhat.com/errata/RHSA-2011-1100.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html https://usn.ubuntu.com/1178-1/https://nvd.nist.gov

CVE-2011-2513

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect