CVE-2011-2513

2011-07-2000:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.0%

JSON

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x
before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and
before 1.0.4, allows remote attackers to obtain the username and full path
of the home and cache directories by accessing properties of the
ClassLoader.

Notes

Author	Note
mdeslaur	in natty+, NetX and the plugin moved to the icedtea-web package

OSVersionArchitecturePackageVersionFilename
ubuntu11.04noarchicedtea-web< 1.1.1-0ubuntu1~11.04.1UNKNOWN
ubuntu8.04noarchopenjdk-6< 6b27-1.12.3-0ubuntu1~08.04.1UNKNOWN
ubuntu10.04noarchopenjdk-6< 6b20-1.9.9-0ubuntu1~10.04.2UNKNOWN
ubuntu10.10noarchopenjdk-6< 6b20-1.9.9-0ubuntu1~10.10.2UNKNOWN
ubuntu10.04noarchopenjdk-6b18< 6b18-1.8.8-0ubuntu1~10.04.2+1.8.9UNKNOWN
ubuntu10.10noarchopenjdk-6b18< 6b18-1.8.8-0ubuntu1~10.10.2+1.8.9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	11.04	noarch	icedtea-web	< 1.1.1-0ubuntu1~11.04.1	UNKNOWN
ubuntu	8.04	noarch	openjdk-6	< 6b27-1.12.3-0ubuntu1~08.04.1	UNKNOWN
ubuntu	10.04	noarch	openjdk-6	< 6b20-1.9.9-0ubuntu1~10.04.2	UNKNOWN
ubuntu	10.10	noarch	openjdk-6	< 6b20-1.9.9-0ubuntu1~10.10.2	UNKNOWN
ubuntu	10.04	noarch	openjdk-6b18	< 6b18-1.8.8-0ubuntu1~10.04.2+1.8.9	UNKNOWN
ubuntu	10.10	noarch	openjdk-6b18	< 6b18-1.8.8-0ubuntu1~10.10.2+1.8.9	UNKNOWN