PT-2014-2123 · Icedtea+1 · Icedtea6+2
Omair Majid · Published 2011-07-27 · Updated 2014-06-25 · CVE-2011-2513
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IcedTea6 versions 1.9.x before 1.9.9
IcedTea6 versions 1.8.x before 1.8.9
IcedTea-Web versions 1.1.x before 1.1.1
IcedTea-Web versions 1.0.x before 1.0.4
Description
The Java Network Launching Protocol (JNLP) implementation in the affected IcedTea6 and IcedTea-Web versions allows remote attackers to obtain the username and the full paths of the home and cache directories by accessing properties of the ClassLoader.
Recommendations
For IcedTea6 versions 1.9.x before 1.9.9, update to version 1.9.9 or later.
For IcedTea6 versions 1.8.x before 1.8.9, update to version 1.8.9 or later.
For IcedTea-Web versions 1.1.x before 1.1.1, update to version 1.1.1 or later.
For IcedTea-Web versions 1.0.x before 1.0.4, update to version 1.0.4 or later.
Fix
Information Disclosure
Affected Products
Icedtea-Web
Icedtea6
Red Hat