Lucene search

K

RedhatCVELIST:CVE-2011-2514

HistoryMay 14, 2014 - 12:00 a.m.

CVE-2011-2514

2014-05-1400:00:00

redhat

www.cve.org

1

6.2 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

References

icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0

icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388

mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html

rhn.redhat.com/errata/RHSA-2011-1100.html

securitytracker.com/id?1025854

ubuntu.com/usn/usn-1178-1

bugzilla.redhat.com/show_bug.cgi?id=718170

6.2 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

Related for CVELIST:CVE-2011-2514

veracode1 ubuntucve1 cve1 nvd1 debiancve1 prion1 oraclelinux1 redhat1 nessus7 openvas7 fedora1 ubuntu1