CVE-2011-0025
Gentoo Linux Security Advisory 201406-32
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
IcedTea v1.7 anterior a v1.7.8, v1.8 anterior a v1.8.5 y v1.9 anterior a v1.9.5 no verifica adecuadamente las firmas de los archivos JAR que (1) están "parcialmente firmados" o (2), firmado por varias entidades, lo que permite a atacantes remotos engañar a usuarios ejecutando código que parece provenir de una fuente de confianza.
Multiple vulnerabilities has been identified and fixed in java-1.6.0-openjdk. The JNLP SecurityManager in IcedTea 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. Unspecified vulnerability in the Java Runtime Environment in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. Various other issues have also been identified and addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-12-07 CVE Reserved
- 2011-02-01 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515 | X_refsource_misc | |
| http://www.securityfocus.com/bid/46110 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65151 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/43135 | 2023-02-13 | |
| http://security.gentoo.org/glsa/glsa-201406-32.xml | 2023-02-13 | |
| http://www.debian.org/security/2011/dsa-2224 | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-1055-1 | 2023-02-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.7 Search vendor "Redhat" for product "Icedtea" and version "1.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.7.1 Search vendor "Redhat" for product "Icedtea" and version "1.7.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.7.2 Search vendor "Redhat" for product "Icedtea" and version "1.7.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.7.3 Search vendor "Redhat" for product "Icedtea" and version "1.7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.7.4 Search vendor "Redhat" for product "Icedtea" and version "1.7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.7.5 Search vendor "Redhat" for product "Icedtea" and version "1.7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.7.6 Search vendor "Redhat" for product "Icedtea" and version "1.7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.7.7 Search vendor "Redhat" for product "Icedtea" and version "1.7.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.8 Search vendor "Redhat" for product "Icedtea" and version "1.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.8.1 Search vendor "Redhat" for product "Icedtea" and version "1.8.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.8.2 Search vendor "Redhat" for product "Icedtea" and version "1.8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.8.3 Search vendor "Redhat" for product "Icedtea" and version "1.8.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.8.4 Search vendor "Redhat" for product "Icedtea" and version "1.8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.9 Search vendor "Redhat" for product "Icedtea" and version "1.9" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.9.1 Search vendor "Redhat" for product "Icedtea" and version "1.9.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.9.2 Search vendor "Redhat" for product "Icedtea" and version "1.9.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.9.3 Search vendor "Redhat" for product "Icedtea" and version "1.9.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea Search vendor "Redhat" for product "Icedtea" | 1.9.4 Search vendor "Redhat" for product "Icedtea" and version "1.9.4" | - |
Affected
| ||||||