← Back

CVE-2011-2514

nvd nist
Published: May 14, 2014Modified: May 6, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

Affected (22)

Redhat
2 products
Icedtea Web
Icedtea6
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Icedtea Web
Up to 1.0.3
Icedtea Web
Version 1.0.1
Icedtea Web
Version 1.0.2
Icedtea Web
Version 1.0
Icedtea Web
Version 1.1
Configuration B
17 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Icedtea6
Up to 1.8.8
Icedtea6
Version 1.8.1
Icedtea6
Version 1.8.2
Icedtea6
Version 1.8.3
Icedtea6
Version 1.8.4
Icedtea6
Version 1.8.5
Icedtea6
Version 1.8.6
Icedtea6
Version 1.8.7
Icedtea6
Version 1.8
Icedtea6
Version 1.9.1
Icedtea6
Version 1.9.2
Icedtea6
Version 1.9.3
Icedtea6
Version 1.9.4
Icedtea6
Version 1.9.5
Icedtea6
Version 1.9.6
Icedtea6
Version 1.9.7
Icedtea6
Version 1.9.8

Related CWEs

CWE-264
CWE-264

References (16)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.