Vulnerability Details: CVE-2011-0706
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
Products affected by CVE-2011-0706
- cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0:pre:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.1:pre:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0706
- 1.35%: Probability of exploitation activity in the next 30 days
- ~84%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0706
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2011-0706
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0706
- http://www.debian.org/security/2011/dsa-2224
  Debian -- Security Information -- DSA-2224-1 openjdk-6
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html
  [SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117
  Repository / Oval Repository
- https://bugzilla.redhat.com/show_bug.cgi?id=677332
  677332 – (CVE-2011-0706) CVE-2011-0706 IcedTea multiple signers privilege escalation
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html
  [SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14
- http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/
  IcedTea-Web 1.0.1 released! | Deepak’s Blog (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65534
  OpenJDK IcedTea plugin JNLPClassLoader privilege escalation CVE-2011-0706 Vulnerability Report
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
  mandriva.com
- http://www.securityfocus.com/bid/46439
  OpenJDK 'IcedTea' Multiple Signers Privilege Escalation Vulnerability
- http://security.gentoo.org/glsa/glsa-201406-32.xml
  IcedTea JDK: Multiple vulnerabilities (GLSA 201406-32) — Gentoo security