CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
77.0%
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x
before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and
before 1.0.4, allows remote attackers to obtain the username and full path
of the home and cache directories by accessing properties of the
ClassLoader.
Author | Note |
---|---|
mdeslaur | in natty+, NetX and the plugin moved to the icedtea-web package |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 11.04 | noarch | icedtea-web | < 1.1.1-0ubuntu1~11.04.1 | UNKNOWN |
ubuntu | 8.04 | noarch | openjdk-6 | < 6b27-1.12.3-0ubuntu1~08.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | openjdk-6 | < 6b20-1.9.9-0ubuntu1~10.04.2 | UNKNOWN |
ubuntu | 10.10 | noarch | openjdk-6 | < 6b20-1.9.9-0ubuntu1~10.10.2 | UNKNOWN |
ubuntu | 10.04 | noarch | openjdk-6b18 | < 6b18-1.8.8-0ubuntu1~10.04.2+1.8.9 | UNKNOWN |
ubuntu | 10.10 | noarch | openjdk-6b18 | < 6b18-1.8.8-0ubuntu1~10.10.2+1.8.9 | UNKNOWN |