PT-2014-2124 · Icedtea+1 · Icedtea6+2
Omair Majid
·
Publicado
2011-07-27
·
Atualizado
2014-06-25
·
CVE-2011-2514
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IcedTea6 versions 1.9.x through 1.9.8
IcedTea6 versions 1.8.x through 1.8.8
IcedTea-Web versions 1.1.x through 1.1.0
IcedTea-Web versions 1.0.x through 1.0.3
Description
The issue allows remote attackers to deceive victims into granting access to local files. This is achieved by modifying the content of the Java Web Start Security Warning dialog box, making it represent a different filename than the file for which access will be granted.
Recommendations
For IcedTea6 versions 1.9.x through 1.9.8, update to version 1.9.9 or later.
For IcedTea6 versions 1.8.x through 1.8.8, update to version 1.8.9 or later.
For IcedTea-Web versions 1.1.x through 1.1.0, update to version 1.1.1 or later.
For IcedTea-Web versions 1.0.x through 1.0.3, update to version 1.0.4 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Icedtea-Web
Icedtea6
Red Hat