Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2011-0025

Опубликовано: 04 фев. 2011
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8

Описание

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

РелизСтатусПримечание
dapper

DNE

devel

not-affected

6b21~pre1-0ubuntu1
hardy

released

6b27-1.12.3-0ubuntu1~08.04.1
karmic

released

6b20-1.9.5-0ubuntu1~9.10.1
lucid

released

6b20-1.9.5-0ubuntu1~10.04.1
maverick

released

6b20-1.9.5-0ubuntu1
natty

not-affected

6b21~pre1-0ubuntu1
oneiric

not-affected

6b21~pre1-0ubuntu1
upstream

released

1.9.5

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

not-affected

6b18-1.8.3-1ubuntu3
hardy

DNE

karmic

released

6b18-1.8.5-0ubuntu1~9.10.1
lucid

released

6b18-1.8.5-0ubuntu1~10.04.1
maverick

released

6b18-1.8.4-0ubuntu1
natty

not-affected

6b18-1.8.3-1ubuntu3
oneiric

not-affected

6b18-1.8.3-1ubuntu3
upstream

released

1.8.5

Показывать по

РелизСтатусПримечание
dapper

not-affected

IcedTea only
devel

DNE

hardy

not-affected

IcedTea only
karmic

DNE

lucid

DNE

maverick

DNE

natty

DNE

oneiric

DNE

upstream

not-affected

IcedTea only

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

not-affected

IcedTea only
karmic

not-affected

IcedTea only
lucid

not-affected

IcedTea only
maverick

not-affected

IcedTea only
natty

not-affected

IcedTea only
oneiric

not-affected

IcedTea only
upstream

not-affected

IcedTea only

Показывать по

EPSS

Процентиль: 85%
0.0255
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

redhat
больше 14 лет назад

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

nvd
больше 14 лет назад

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

debian
больше 14 лет назад

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does ...

github
больше 3 лет назад

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

EPSS

Процентиль: 85%
0.0255
Низкий

6.8 Medium

CVSS2