CVE-2011-0706

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."

References

http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html

http://secunia.com/advisories/43350

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.debian.org/security/2011/dsa-2224

http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

http://www.securityfocus.com/bid/46439

https://bugzilla.redhat.com/show_bug.cgi?id=677332

https://exchange.xforce.ibmcloud.com/vulnerabilities/65534

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117

Details

Source: MITRE

Published: 2011-02-19

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
76303GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)NessusGentoo Local Security Checks
critical
75538openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)NessusSuSE Local Security Checks
critical
65100Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)NessusUbuntu Local Security Checks
critical
65099Ubuntu 9.10 / 10.04 LTS : openjdk-6b18 vulnerabilities (USN-1079-2)NessusUbuntu Local Security Checks
critical
53735openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)NessusSuSE Local Security Checks
critical
53507Debian DSA-2224-1 : openjdk-6 - several vulnerabilitiesNessusDebian Local Security Checks
critical
53001Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:054)NessusMandriva Local Security Checks
critical
52498Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6 vulnerabilities (USN-1079-1)NessusUbuntu Local Security Checks
critical
52006Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14 (2011-1645)NessusFedora Local Security Checks
critical
52005Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631)NessusFedora Local Security Checks
critical