AI Score: 9.1 High (Confidence: High)
CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
EPSS: 0.016 Low (Percentile: 86.9%)
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are “partially signed” or (2) are signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/
icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515
secunia.com/advisories/43135
security.gentoo.org/glsa/glsa-201406-32.xml
www.debian.org/security/2011/dsa-2224
www.mandriva.com/security/advisories?name=MDVSA-2011:054
www.securityfocus.com/bid/46110
www.ubuntu.com/usn/USN-1055-1
exchange.xforce.ibmcloud.com/vulnerabilities/65151