Veracode Vulnerability DatabaseVERACODE:24792Remote Code Execution (RCE)
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
The IcedTea-Web is vulnerable to denial of service (DoS). A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy.
| CPE | Name | Operator | Version |
|---|---|---|---|
| icedtea-web | eq | 1.0.4__2.el6_1 | |
| icedtea-web | eq | 1.0.2__3.el6 | |
| icedtea-web | eq | 1.0.4__2.el6_1 | |
| icedtea-web | eq | 1.0.2__3.el6 |
References
dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/
lists.opensuse.org/opensuse-updates/2012-03/msg00028.html
rhn.redhat.com/errata/RHSA-2011-1441.html
www.debian.org/security/2012/dsa-2420
www.osvdb.org/76940
www.securityfocus.com/bid/50610
www.ubuntu.com/usn/USN-1263-1
access.redhat.com/errata/RHSA-2011:1441
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=742515
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N