This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project.
It also contains a configuration tool for managing deployment settings
for the plug-in and Web Start implementations.
A flaw was found in the same-origin policy implementation in the
IcedTea-Web browser plug-in. A malicious Java applet could use this
flaw to open network connections to hosts other than the originating
host, violating the same-origin policy. (CVE-2011-3377)
All IcedTea-Web users should upgrade to these updated packages, which
upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web
browsers using the IcedTea-Web browser plug-in must be restarted for
this update to take effect.
See also :
Update the affected icedtea-web, icedtea-web-debuginfo and / or
Risk factor :
Medium / CVSS Base Score : 4.3
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 61171 ()
CVE ID: CVE-2011-3377