CVE-2011-2514

2011-07-2000:00:00

ubuntu.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x
before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and
before 1.0.4, allows remote attackers to trick victims into granting access
to local files by modifying the content of the Java Web Start Security
Warning dialog box to represent a different filename than the file for
which access will be granted.

OSVersionArchitecturePackageVersionFilename
ubuntu11.04noarchicedtea-web< 1.1.1-0ubuntu1~11.04.1UNKNOWN
ubuntu8.04noarchopenjdk-6< 6b27-1.12.3-0ubuntu1~08.04.1UNKNOWN
ubuntu10.04noarchopenjdk-6< 6b20-1.9.9-0ubuntu1~10.04.2UNKNOWN
ubuntu10.10noarchopenjdk-6< 6b20-1.9.9-0ubuntu1~10.10.2UNKNOWN
ubuntu10.04noarchopenjdk-6b18< 6b18-1.8.8-0ubuntu1~10.04.2+1.8.9UNKNOWN
ubuntu10.10noarchopenjdk-6b18< 6b18-1.8.8-0ubuntu1~10.10.2+1.8.9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	11.04	noarch	icedtea-web	< 1.1.1-0ubuntu1~11.04.1	UNKNOWN
ubuntu	8.04	noarch	openjdk-6	< 6b27-1.12.3-0ubuntu1~08.04.1	UNKNOWN
ubuntu	10.04	noarch	openjdk-6	< 6b20-1.9.9-0ubuntu1~10.04.2	UNKNOWN
ubuntu	10.10	noarch	openjdk-6	< 6b20-1.9.9-0ubuntu1~10.10.2	UNKNOWN
ubuntu	10.04	noarch	openjdk-6b18	< 6b18-1.8.8-0ubuntu1~10.04.2+1.8.9	UNKNOWN
ubuntu	10.10	noarch	openjdk-6b18	< 6b18-1.8.8-0ubuntu1~10.10.2+1.8.9	UNKNOWN