PT-2014-2146 · Oracle+1 · Icedtea-Web+1

Deepak Bhole

Published

2011-11-08

Updated

2018-10-30

CVE-2011-3377

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IcedTea-Web versions 1.0.x through 1.0.5 IcedTea-Web versions 1.1.x through 1.1.3

Description The issue allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts. This is achieved via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.

Recommendations For IcedTea-Web versions 1.0.x through 1.0.5, update to version 1.0.6 or later. For IcedTea-Web versions 1.1.x through 1.1.3, update to version 1.1.4 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-3377

DSA-2420-1

OPENSUSE-SU-2024:10316-1

RHSA-2011:1441

RHSA-2011_1441

Affected Products

Icedtea-Web

Red Hat

PT-2014-2146 · Oracle+1 · Icedtea-Web+1

CVE-2011-3377

Weakness Enumeration

Related Identifiers

Affected Products

References · 15