CVE-2011-2513
icedtea-web: home directory path disclosure to untrusted applications
- Severity Score: 5.0 (CVSS v2)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
*Credits:
N/A
Timeline
- 2011-06-15 CVE Reserved
- 2011-07-27 CVE Published
- 2023-12-24 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (9)
URL | Tag | Source |
---|---|---|
http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04 | X_refsource_misc | |
http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227 | X_refsource_misc | |
http://securitytracker.com/id?1025854 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html | 2014-06-25 | |
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html | 2014-06-25 | |
http://rhn.redhat.com/errata/RHSA-2011-1100.html | 2014-06-25 | |
http://ubuntu.com/usn/usn-1178-1 | 2014-06-25 | |
https://bugzilla.redhat.com/show_bug.cgi?id=718164 | 2011-07-27 | |
https://access.redhat.com/security/cve/CVE-2011-2513 | 2011-07-27 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Icedtea-web | <= 1.0.3 | - | Affected |
Redhat | Icedtea-web | 1.0 | - | Affected |
Redhat | Icedtea-web | 1.0.1 | - | Affected |
Redhat | Icedtea-web | 1.0.2 | - | Affected |
Redhat | Icedtea-web | 1.1 | - | Affected |
Redhat | Icedtea6 | <= 1.8.8 | - | Affected |
Redhat | Icedtea6 | 1.8 | - | Affected |
Redhat | Icedtea6 | 1.8.1 | - | Affected |
Redhat | Icedtea6 | 1.8.2 | - | Affected |
Redhat | Icedtea6 | 1.8.3 | - | Affected |
Redhat | Icedtea6 | 1.8.4 | - | Affected |
Redhat | Icedtea6 | 1.8.5 | - | Affected |
Redhat | Icedtea6 | 1.8.6 | - | Affected |
Redhat | Icedtea6 | 1.8.7 | - | Affected |
Redhat | Icedtea6 | 1.9.1 | - | Affected |
Redhat | Icedtea6 | 1.9.2 | - | Affected |
Redhat | Icedtea6 | 1.9.3 | - | Affected |
Redhat | Icedtea6 | 1.9.4 | - | Affected |
Redhat | Icedtea6 | 1.9.5 | - | Affected |
Redhat | Icedtea6 | 1.9.6 | - | Affected |
Redhat | Icedtea6 | 1.9.7 | - | Affected |
Redhat | Icedtea6 | 1.9.8 | - | Affected |