CVE-2011-2514

2014-05-1400:55:04

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.6%

JSON

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

OSVersionArchitecturePackageVersionFilename
Debian12allicedtea-web< 1.1-1icedtea-web_1.1-1_all.deb
Debian11allicedtea-web< 1.1-1icedtea-web_1.1-1_all.deb
Debian999allicedtea-web< 1.1-1icedtea-web_1.1-1_all.deb
Debian13allicedtea-web< 1.1-1icedtea-web_1.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	icedtea-web	< 1.1-1	icedtea-web_1.1-1_all.deb
Debian	11	all	icedtea-web	< 1.1-1	icedtea-web_1.1-1_all.deb
Debian	999	all	icedtea-web	< 1.1-1	icedtea-web_1.1-1_all.deb
Debian	13	all	icedtea-web	< 1.1-1	icedtea-web_1.1-1_all.deb