CVE-2011-3377

Published: 05/02/2014 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The web browser plug-in in IcedTea-Web 1.0.x prior to 1.0.6 and 1.1.x prior to 1.1.4 allows remote malicious users to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain as the targeted domain but a different sub-domain.

Vulnerable Product

redhat icedtea-web 1.1

redhat icedtea-web 1.1.1

redhat icedtea-web 1.1.2

redhat icedtea-web 1.1.3

redhat icedtea-web 1.0

redhat icedtea-web 1.0.5

redhat icedtea-web 1.0.2

redhat icedtea-web 1.0.4

redhat icedtea-web 1.0.1

redhat icedtea-web 1.0.3

canonical ubuntu linux 10.04

canonical ubuntu linux 10.10

canonical ubuntu linux 11.04

opensuse opensuse 12.1

canonical ubuntu linux 11.10

Vendor Advisories

USN-1263-1 caused a regression when using OpenJDK 6’s SSL/TLS implementation ...
Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed ...