Lucene search

RedhatCVE-2011-3377

HistoryFeb 05, 2014 - 7:55 p.m.

CVE-2011-3377

2014-02-0519:55:28

CWE-264

redhat

web.nvd.nist.gov

cve-2011-3377

icedtea-web

same origin policy

remote attackers

arbitrary script

network connections

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.004

Percentile

74.3%

JSON

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.

Affected configurations

Nvd

Node

redhaticedtea-webMatch1.0

redhaticedtea-webMatch1.0.1

redhaticedtea-webMatch1.0.2

redhaticedtea-webMatch1.0.3

redhaticedtea-webMatch1.0.4

redhaticedtea-webMatch1.0.5

redhaticedtea-webMatch1.1

redhaticedtea-webMatch1.1.1

redhaticedtea-webMatch1.1.2

redhaticedtea-webMatch1.1.3

Node

canonicalubuntu_linuxMatch10.04-lts

canonicalubuntu_linuxMatch10.10

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

opensuseopensuseMatch12.1

VendorProductVersionCPE
redhaticedtea-web1.0cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*
redhaticedtea-web1.0.1cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*
redhaticedtea-web1.0.2cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*
redhaticedtea-web1.0.3cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*
redhaticedtea-web1.0.4cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*
redhaticedtea-web1.0.5cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*
redhaticedtea-web1.1cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*
redhaticedtea-web1.1.1cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*
redhaticedtea-web1.1.2cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*
redhaticedtea-web1.1.3cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	icedtea-web	1.0	cpe:2.3:a:redhat:icedtea-web:1.0:::::::*
redhat	icedtea-web	1.0.1	cpe:2.3:a:redhat:icedtea-web:1.0.1:::::::*
redhat	icedtea-web	1.0.2	cpe:2.3:a:redhat:icedtea-web:1.0.2:::::::*
redhat	icedtea-web	1.0.3	cpe:2.3:a:redhat:icedtea-web:1.0.3:::::::*
redhat	icedtea-web	1.0.4	cpe:2.3:a:redhat:icedtea-web:1.0.4:::::::*
redhat	icedtea-web	1.0.5	cpe:2.3:a:redhat:icedtea-web:1.0.5:::::::*
redhat	icedtea-web	1.1	cpe:2.3:a:redhat:icedtea-web:1.1:::::::*
redhat	icedtea-web	1.1.1	cpe:2.3:a:redhat:icedtea-web:1.1.1:::::::*
redhat	icedtea-web	1.1.2	cpe:2.3:a:redhat:icedtea-web:1.1.2:::::::*
redhat	icedtea-web	1.1.3	cpe:2.3:a:redhat:icedtea-web:1.1.3:::::::*