CVE-2011-0025

Sažetak

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

Reference

http://www.securityfocus.com/bid/46110
http://www.ubuntu.com/usn/USN-1055-1
http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/
http://secunia.com/advisories/43135
http://www.debian.org/security/2011/dsa-2224
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/65151
http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-02-2023 - 00:15

Objavljeno

04-02-2011 - 20:00