Описание
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
Релиз | Статус | Примечание |
---|---|---|
dapper | DNE | |
devel | not-affected | 6b21~pre1-0ubuntu1 |
hardy | released | 6b27-1.12.3-0ubuntu1~08.04.1 |
karmic | released | 6b20-1.9.5-0ubuntu1~9.10.1 |
lucid | released | 6b20-1.9.5-0ubuntu1~10.04.1 |
maverick | released | 6b20-1.9.5-0ubuntu1 |
natty | not-affected | 6b21~pre1-0ubuntu1 |
oneiric | not-affected | 6b21~pre1-0ubuntu1 |
upstream | released | 1.9.5 |
Показывать по
Релиз | Статус | Примечание |
---|---|---|
dapper | DNE | |
devel | not-affected | 6b18-1.8.3-1ubuntu3 |
hardy | DNE | |
karmic | released | 6b18-1.8.5-0ubuntu1~9.10.1 |
lucid | released | 6b18-1.8.5-0ubuntu1~10.04.1 |
maverick | released | 6b18-1.8.4-0ubuntu1 |
natty | not-affected | 6b18-1.8.3-1ubuntu3 |
oneiric | not-affected | 6b18-1.8.3-1ubuntu3 |
upstream | released | 1.8.5 |
Показывать по
Релиз | Статус | Примечание |
---|---|---|
dapper | not-affected | IcedTea only |
devel | DNE | |
hardy | not-affected | IcedTea only |
karmic | DNE | |
lucid | DNE | |
maverick | DNE | |
natty | DNE | |
oneiric | DNE | |
upstream | not-affected | IcedTea only |
Показывать по
Релиз | Статус | Примечание |
---|---|---|
dapper | DNE | |
devel | DNE | |
hardy | not-affected | IcedTea only |
karmic | not-affected | IcedTea only |
lucid | not-affected | IcedTea only |
maverick | not-affected | IcedTea only |
natty | not-affected | IcedTea only |
oneiric | not-affected | IcedTea only |
upstream | not-affected | IcedTea only |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does ...
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
EPSS
6.8 Medium
CVSS2