PT-2014-2124 · Icedtea+1 · Icedtea6+2
Omair Majid
·
Published
2011-07-27
·
Updated
2014-06-25
·
CVE-2011-2514
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IcedTea6 versions 1.9.x through 1.9.8
IcedTea6 versions 1.8.x through 1.8.8
IcedTea-Web versions 1.1.x through 1.1.0
IcedTea-Web versions 1.0.x through 1.0.3
Description
The issue allows remote attackers to deceive victims into granting access to local files. This is achieved by modifying the content of the Java Web Start Security Warning dialog box, making it represent a different filename than the file for which access will be granted.
Recommendations
For IcedTea6 versions 1.9.x through 1.9.8, update to version 1.9.9 or later.
For IcedTea6 versions 1.8.x through 1.8.8, update to version 1.8.9 or later.
For IcedTea-Web versions 1.1.x through 1.1.0, update to version 1.1.1 or later.
For IcedTea-Web versions 1.0.x through 1.0.3, update to version 1.0.4 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Icedtea-Web
Icedtea6
Red Hat