How to Buy
This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project.
It also contains a configuration tool for managing deployment settings
for the plug-in and Web Start implementations.
A flaw was found in the same-origin policy implementation in the
IcedTea-Web browser plug-in. A malicious Java applet could use this
flaw to open network connections to hosts other than the originating
host, violating the same-origin policy. (CVE-2011-3377)
All IcedTea-Web users should upgrade to these updated packages, which
upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web
browsers using the IcedTea-Web browser plug-in must be restarted for
this update to take effect.
See also :
Update the affected icedtea-web, icedtea-web-debuginfo and / or
Risk factor :
Medium / CVSS Base Score : 4.3
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 61171 ()
CVE ID: CVE-2011-3377
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.