Lucene search

RedhatCVE-2011-2514

HistoryMay 14, 2014 - 12:55 a.m.

CVE-2011-2514

2014-05-1400:55:04

CWE-264

redhat

web.nvd.nist.gov

cve-2011-2514

information security

java

jnlp

icedtea6

icedtea-web

remote attack

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.011

Percentile

84.6%

JSON

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

Affected configurations

Nvd

Node

redhaticedtea-webRange≤1.0.3

redhaticedtea-webMatch1.0

redhaticedtea-webMatch1.0.1

redhaticedtea-webMatch1.0.2

redhaticedtea-webMatch1.1

Node

redhaticedtea6Range≤1.8.8

redhaticedtea6Match1.8

redhaticedtea6Match1.8.1

redhaticedtea6Match1.8.2

redhaticedtea6Match1.8.3

redhaticedtea6Match1.8.4

redhaticedtea6Match1.8.5

redhaticedtea6Match1.8.6

redhaticedtea6Match1.8.7

redhaticedtea6Match1.9.1

redhaticedtea6Match1.9.2

redhaticedtea6Match1.9.3

redhaticedtea6Match1.9.4

redhaticedtea6Match1.9.5

redhaticedtea6Match1.9.6

redhaticedtea6Match1.9.7

redhaticedtea6Match1.9.8

VendorProductVersionCPE
redhaticedtea-web*cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*
redhaticedtea-web1.0cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*
redhaticedtea-web1.0.1cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*
redhaticedtea-web1.0.2cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*
redhaticedtea-web1.1cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*
redhaticedtea6*cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*
redhaticedtea61.8cpe:2.3:a:redhat:icedtea6:1.8:*:*:*:*:*:*:*
redhaticedtea61.8.1cpe:2.3:a:redhat:icedtea6:1.8.1:*:*:*:*:*:*:*
redhaticedtea61.8.2cpe:2.3:a:redhat:icedtea6:1.8.2:*:*:*:*:*:*:*
redhaticedtea61.8.3cpe:2.3:a:redhat:icedtea6:1.8.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	icedtea-web	*	cpe:2.3:a:redhat:icedtea-web::::::::
redhat	icedtea-web	1.0	cpe:2.3:a:redhat:icedtea-web:1.0:::::::*
redhat	icedtea-web	1.0.1	cpe:2.3:a:redhat:icedtea-web:1.0.1:::::::*
redhat	icedtea-web	1.0.2	cpe:2.3:a:redhat:icedtea-web:1.0.2:::::::*
redhat	icedtea-web	1.1	cpe:2.3:a:redhat:icedtea-web:1.1:::::::*
redhat	icedtea6	*	cpe:2.3:a:redhat:icedtea6::::::::
redhat	icedtea6	1.8	cpe:2.3:a:redhat:icedtea6:1.8:::::::*
redhat	icedtea6	1.8.1	cpe:2.3:a:redhat:icedtea6:1.8.1:::::::*
redhat	icedtea6	1.8.2	cpe:2.3:a:redhat:icedtea6:1.8.2:::::::*
redhat	icedtea6	1.8.3	cpe:2.3:a:redhat:icedtea6:1.8.3:::::::*