10 matches found
MiracleLinux 7 : icedtea-web-1.7.1-2.0.1.el7.AXS7 (AXSA:2019-3964:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3964:01 advisory. icedtea-web: path traversal while processing elements of JNLP files results in arbitrary file overwrite (CVE-2019-10182) icedtea-web: directory...
CentOS 8 : icedtea-web (CESA-2019:2004)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2004 advisory. - icedtea-web: unsigned code injection in a signed JAR file (CVE-2019-10181) - icedtea-web: path traversal while processing elements of JNLP files result...
icedtea security update
CentOS Errata and Security Advisory CESA-2019:2003. An update for icedtea-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
OPENSUSE-SU-2019:1911-1 Security update for icedtea-web
This update for icedtea-web to version 1.7.2 fixes the following issues: Security issues fixed: - CVE-2019-10181: Fixed an unsigned code injection in a signed JAR file bsc1142835 - CVE-2019-10182: Fixed a path traversal while processing elements of JNLP files results in arbitrary file overwrite...
Oracle Linux 7 : icedtea-web (ELSA-2019-2003)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2003 advisory. - added patch1, patch4 and patch11 to fix CVE-2019-10182 - added patch2 to fix CVE-2019-10181 - added patch3 and patch33 to fix CVE-2019-10185 Tenable...
Oracle Linux 8 : icedtea-web (ELSA-2019-2004)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2004 advisory. - added patch1, patch4 and patch11 to fix CVE-2019-10182 - added patch2 to fix CVE-2019-10181 - added patch3 and patch33 to fix CVE-2019-10185 Tenable...
RHEL 7 : icedtea-web (RHSA-2019:2003)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2003 advisory. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It...
RHEL 8 : icedtea-web (RHSA-2019:2004)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2004 advisory. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It...
Remote Code Execution
icedtea-web is vulnerable to remote code execution due to unsigned code injection in a signed JAR file...
icedtea-web: unsigned code injection in a signed JAR file
It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox...