{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-13T23:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"}, {"name": "USN-1178-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1178-1"}, {"name": "RHSA-2011:1100", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"}, {"name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 & 1.9.9 Released!", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"}, {"tags": ["x_refsource_MISC"], "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"}, {"tags": ["x_refsource_MISC"], "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"}, {"name": "1025854", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025854"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2514", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released", "refsource": "MLIST", "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"}, {"name": "USN-1178-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-1178-1"}, {"name": "RHSA-2011:1100", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"}, {"name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 & 1.9.9 Released!", "refsource": "MLIST", "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"}, {"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0", "refsource": "MISC", "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"}, {"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388", "refsource": "MISC", "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=718170", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"}, {"name": "1025854", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025854"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:00:34.171Z"}, "title": "CVE Program Container", "references": [{"name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"}, {"name": "USN-1178-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-1178-1"}, {"name": "RHSA-2011:1100", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"}, {"name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 & 1.9.9 Released!", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"}, {"name": "1025854", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025854"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2514", "datePublished": "2014-05-14T00:00:00", "dateReserved": "2011-06-15T00:00:00", "dateUpdated": "2024-08-06T23:00:34.171Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0AAB67E-694C-4742-9597-E2DFBD78CE99", "versionEndIncluding": "1.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E6B24564-AA45-4A26-BB3D-8C9B8DF8EBD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0882F9F6-0C78-472E-82B2-0DCD3909EBAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F6E633C-EFF2-45E0-A406-9E44CA31B346", "versionEndIncluding": "1.8.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "CB7DC2DA-216C-4A82-92AF-13F6AAA40BA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB74C024-F874-497B-9639-0B445F4E2E45", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4A71A24-1102-4959-ADBD-2847A58F396F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3A7D423-B883-4533-B1E6-F8A9DE6CD7F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "A5E6C436-3EA7-43AF-B3A2-18CF85D19C83", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A7A83AA-16D8-4B8F-8E97-BAA4C1391180", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D315C62C-C17B-4D0B-A899-B9A6C7E625C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "1B8A2C7F-16C7-48D0-AE1B-4888D7AFCEF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "18C4F4DD-08B3-4B0D-BBD7-4192194BD305", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "154BA32F-A747-4C84-8E8B-6D0D41310754", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "E08851A2-465E-43EC-B28B-2A740207ABC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "6977AFED-2DA4-43C0-8721-9A2F3D16B353", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "D00AA688-C5CE-4664-AF62-9ADB9BC0BF52", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "98934B23-304B-4B8E-B55E-71A711F066AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "76B0B4EC-CD60-4042-B23A-0AAF9969AD6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "DD3F4CAF-63D5-44DF-B4ED-71C3CF49F91C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."}, {"lang": "es", "value": "La implementaci\u00f3n Java Network Launching Protocol (JNLP) en IcedTea6 1.9.x anterior a 1.9.9 y anterior a 1.8.9 y IcedTea-Web 1.1.x anterior a 1.1.1 y anterior a 1.0.4, permite a atacantes remotos enga\u00f1ar a usuarios para hacerles conceder el acceso a archivos locales mediante la modificaci\u00f3n del contenido del cuadro de di\u00e1logo Java Web Start Security Warning para que represente un nombre de archivo diferente al archivo para que acceso ser\u00e1 concedido."}], "id": "CVE-2011-2514", "lastModified": "2024-11-21T01:28:26.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-05-14T00:55:04.460", "references": [{"source": "secalert@redhat.com", "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"}, {"source": "secalert@redhat.com", "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"}, {"source": "secalert@redhat.com", "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1025854"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://ubuntu.com/usn/usn-1178-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025854"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://ubuntu.com/usn/usn-1178-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:1100", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "icedtea-web-0:1.0.4-2.el6_1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-07-27T00:00:00Z"}], "bugzilla": {"description": "icedtea-web: Java Web Start security warning dialog manipulation", "id": "718170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."], "name": "CVE-2011-2514", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2011-07-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-2514\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2514"], "threat_severity": "Moderate", "upstream_fix": "icedtea-web 1.0.4, icedtea-web 1.1.1"}