PT-2014-2123 · Icedtea+1 · Icedtea6+2

Omair Majid

Publicado

2011-07-27

Atualizado

2014-06-25

CVE-2011-2513

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IcedTea6 versions 1.9.x before 1.9.9 IcedTea6 versions 1.8.x before 1.8.9 IcedTea-Web versions 1.1.x before 1.1.1 IcedTea-Web versions 1.0.x before 1.0.4

Description The Java Network Launching Protocol (JNLP) implementation allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.

Recommendations For IcedTea6 versions 1.9.x before 1.9.9, update to version 1.9.9 or later. For IcedTea6 versions 1.8.x before 1.8.9, update to version 1.8.9 or later. For IcedTea-Web versions 1.1.x before 1.1.1, update to version 1.1.1 or later. For IcedTea-Web versions 1.0.x before 1.0.4, update to version 1.0.4 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2011-2513

OPENSUSE-SU-2024:10316-1

RHSA-2011:1100

RHSA-2011_1100

Produtos afetados

Icedtea-Web

Icedtea6

Red Hat

PT-2014-2123 · Icedtea+1 · Icedtea6+2

CVE-2011-2513

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16