CVE-2011-0706

CWE-264CWE-2668 documents6 sources
Severity
7.5HIGH
EPSS
1.6%
top 18.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat Icedtea-webSUN JDK
Timeline
PublishedFeb 19
Latest updateMay 17

Description

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDredhat/icedtea-web1.0, 1.0.1+1
NVDsun/jdk1.6.0

Patches

Patch: dbhole.wordpress.comPatch: dbhole.wordpress.com

🔴Vulnerability Details

2
GHSA
GHSA-6228-hc88-4m3g: The JNLPClassLoader class in IcedTea-Web before 12022-05-17
CVEList
CVE-2011-0706: The JNLPClassLoader class in IcedTea-Web before 12011-02-18

📋Vendor Advisories

4
Ubuntu
OpenJDK 6 vulnerabilities2011-03-17
Ubuntu
OpenJDK 6 vulnerabilities2011-03-15
Ubuntu
OpenJDK 6 vulnerabilities2011-03-01
Red Hat
IcedTea multiple signers privilege escalation2011-02-15

💬Community

1
Bugzilla
CVE-2011-0706 IcedTea multiple signers privilege escalation2011-02-14
CVE-2011-0706 (HIGH CVSS 7.5) | The JNLPClassLoader class in IcedTe | cvebase.io