PT-2014-2146 · Oracle+1 · Icedtea-Web+1

Deepak Bhole

Publicado

2011-11-08

Atualizado

2018-10-30

CVE-2011-3377

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IcedTea-Web versions 1.0.x through 1.0.5 IcedTea-Web versions 1.1.x through 1.1.3

Description The issue allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts. This is achieved via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.

Recommendations For IcedTea-Web versions 1.0.x through 1.0.5, update to version 1.0.6 or later. For IcedTea-Web versions 1.1.x through 1.1.3, update to version 1.1.4 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2011-3377

DSA-2420-1

OPENSUSE-SU-2024:10316-1

RHSA-2011:1441

RHSA-2011_1441

Produtos afetados

Icedtea-Web

Red Hat

PT-2014-2146 · Oracle+1 · Icedtea-Web+1

CVE-2011-3377

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15