CVE-2011-2514
icedtea-web: Java Web Start security warning dialog manipulation
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.
La implementación Java Network Launching Protocol (JNLP) en IcedTea6 1.9.x anterior a 1.9.9 y anterior a 1.8.9 y IcedTea-Web 1.1.x anterior a 1.1.1 y anterior a 1.0.4, permite a atacantes remotos engañar a usuarios para hacerles conceder el acceso a archivos locales mediante la modificación del contenido del cuadro de diálogo Java Web Start Security Warning para que represente un nombre de archivo diferente al archivo para que acceso será concedido.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-06-15 CVE Reserved
- 2011-07-27 CVE Published
- 2023-12-24 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0 | X_refsource_misc | |
| http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388 | X_refsource_misc | |
| http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html | Mailing List | |
| http://securitytracker.com/id?1025854 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html | 2014-06-25 | |
| http://ubuntu.com/usn/usn-1178-1 | 2014-06-25 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2011-1100.html | 2014-06-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=718170 | 2011-07-27 | |
| https://access.redhat.com/security/cve/CVE-2011-2514 | 2011-07-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Icedtea-web Search vendor "Redhat" for product "Icedtea-web" | <= 1.0.3 Search vendor "Redhat" for product "Icedtea-web" and version " <= 1.0.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea-web Search vendor "Redhat" for product "Icedtea-web" | 1.0 Search vendor "Redhat" for product "Icedtea-web" and version "1.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea-web Search vendor "Redhat" for product "Icedtea-web" | 1.0.1 Search vendor "Redhat" for product "Icedtea-web" and version "1.0.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea-web Search vendor "Redhat" for product "Icedtea-web" | 1.0.2 Search vendor "Redhat" for product "Icedtea-web" and version "1.0.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea-web Search vendor "Redhat" for product "Icedtea-web" | 1.1 Search vendor "Redhat" for product "Icedtea-web" and version "1.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | <= 1.8.8 Search vendor "Redhat" for product "Icedtea6" and version " <= 1.8.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.8 Search vendor "Redhat" for product "Icedtea6" and version "1.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.8.1 Search vendor "Redhat" for product "Icedtea6" and version "1.8.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.8.2 Search vendor "Redhat" for product "Icedtea6" and version "1.8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.8.3 Search vendor "Redhat" for product "Icedtea6" and version "1.8.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.8.4 Search vendor "Redhat" for product "Icedtea6" and version "1.8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.8.5 Search vendor "Redhat" for product "Icedtea6" and version "1.8.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.8.6 Search vendor "Redhat" for product "Icedtea6" and version "1.8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.8.7 Search vendor "Redhat" for product "Icedtea6" and version "1.8.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.9.1 Search vendor "Redhat" for product "Icedtea6" and version "1.9.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.9.2 Search vendor "Redhat" for product "Icedtea6" and version "1.9.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.9.3 Search vendor "Redhat" for product "Icedtea6" and version "1.9.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.9.4 Search vendor "Redhat" for product "Icedtea6" and version "1.9.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.9.5 Search vendor "Redhat" for product "Icedtea6" and version "1.9.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.9.6 Search vendor "Redhat" for product "Icedtea6" and version "1.9.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.9.7 Search vendor "Redhat" for product "Icedtea6" and version "1.9.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Icedtea6 Search vendor "Redhat" for product "Icedtea6" | 1.9.8 Search vendor "Redhat" for product "Icedtea6" and version "1.9.8" | - |
Affected
| ||||||