{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-15T00:00:00", "descriptions": [{"lang": "en", "value": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2011-1631", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"}, {"name": "GLSA-201406-32", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "FEDORA-2011-1645", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"}, {"name": "46439", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46439"}, {"name": "icedtea-jnlpclassloader-priv-esc(65534)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"}, {"name": "43350", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43350"}, {"name": "DSA-2224", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2224"}, {"name": "oval:org.mitre.oval:def:14117", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"}, {"name": "MDVSA-2011:054", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:58:26.128Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2011-1631", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"}, {"name": "GLSA-201406-32", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "FEDORA-2011-1645", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"}, {"name": "46439", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46439"}, {"name": "icedtea-jnlpclassloader-priv-esc(65534)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"}, {"name": "43350", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43350"}, {"name": "DSA-2224", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2224"}, {"name": "oval:org.mitre.oval:def:14117", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"}, {"name": "MDVSA-2011:054", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0706", "datePublished": "2011-02-18T23:00:00", "dateReserved": "2011-01-31T00:00:00", "dateUpdated": "2024-08-06T21:58:26.128Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:pre:*:*:*:*:*:*", "matchCriteriaId": "81421B64-64A3-4339-80CB-95BBDFB5C894", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:pre:*:*:*:*:*:*", "matchCriteriaId": "12C72453-AFA2-4AD7-B13F-DF01409B0459", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3A4FEC7-A4A0-4B5C-A56C-8F80AE19865E", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""}, {"lang": "es", "value": "La clase JNLPClassLoader en IcedTea-Web anterior a versi\u00f3n 1.0.1, tal y como es usado en OpenJDK Runtime Environment versi\u00f3n 1.6.0, permite a los atacantes remotos alcanzar privilegios por medio de vectores desconocidos relacionados con varios firmantes y la asignaci\u00f3n de \"an inappropriate security descriptor\u201d."}], "id": "CVE-2011-0706", "lastModified": "2024-11-21T01:24:39.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-02-19T01:00:03.277", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43350"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2224"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/46439"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43350"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46439"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "IcedTea multiple signers privilege escalation", "id": "677332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-266", "details": ["The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""], "name": "CVE-2011-0706", "public_date": "2011-02-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-0706\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0706"], "statement": "This issue did not affect the versions of the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux 5 and 6.", "threat_severity": "Important"}