Detections
Analytics
CVE-2011-0706high
Description
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
References
http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html
https://bugzilla.redhat.com/show_bug.cgi?id=677332
http://secunia.com/advisories/43350
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/65534
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117
http://www.debian.org/security/2011/dsa-2224
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
Details
Published: 2011-02-19
Risk Information
CVSS v2
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High