Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-2514

Опубликовано: 14 мая 2014
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*
Версия до 1.0.3 (включая)
cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*
Версия до 1.8.8 (включая)
cpe:2.3:a:redhat:icedtea6:1.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea6:1.9.8:*:*:*:*:*:*:*

EPSS

Процентиль: 74%
0.00878
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2011-2514

ubuntu
около 11 лет назад

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

redhat логотип

CVE-2011-2514

redhat
почти 14 лет назад

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

debian логотип

CVE-2011-2514

debian
около 11 лет назад

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 ...

github логотип

GHSA-mfx6-3x7c-57wf

github
около 3 лет назад

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

oracle-oval логотип

ELSA-2011-1100

oracle-oval
почти 14 лет назад

ELSA-2011-1100: icedtea-web security update (MODERATE)

EPSS

Процентиль: 74%
0.00878
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-264