Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24668

HistoryApr 10, 2020 - 1:01 a.m.

Arbitrary Code Execution

2020-04-1001:01:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

EPSS

0.011

Percentile

84.6%

icedtea-web is vulnerable to arbitrary code execution. The vulnerability exists as a flaw was discovered in the JNLP (Java Network Launching Protocol) implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box, to trick a user into granting the application unintended access permissions to local files.

References

icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0

icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388

mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html

rhn.redhat.com/errata/RHSA-2011-1100.html

securitytracker.com/id?1025854

ubuntu.com/usn/usn-1178-1

access.redhat.com/errata/RHSA-2011:1100

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=718170

EPSS

0.011

Percentile

84.6%

Related for VERACODE:24668

nvd1 cve1 prion1 cvelist1 ubuntucve1 debiancve1 nessus7 openvas7 ubuntu1 fedora1 redhat1 oraclelinux1