CVE-2011-2513

CWE-200 — Information Exposure11 documents9 sources

Severity

5.0MEDIUM

EPSS

0.5%

top 34.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Icedtea-web Redhat Icedtea6

Timeline

PublishedMay 14

Latest updateMay 17

Description

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/icedtea61.8.8+16

▶Debianicedtea-web< 1.1.2-1+3

▶NVDredhat/icedtea-web1.0.3+4

Patches

Patch: mail.openjdk.java.net ↗Patch: mail.openjdk.java.net ↗

🔴Vulnerability Details

GHSA

GHSA-pphc-5pp2-xfm2: The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1↗2022-05-17

▶

CVEList

CVE-2011-2513: The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1↗2014-05-14

▶

OSV

CVE-2011-2513: The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1↗2014-05-14

▶

💥Exploits & PoCs

Exploit-DB

SAP NetWeaver Dispatcher - Multiple Vulnerabilities↗2012-05-09

▶

📋Vendor Advisories

Ubuntu

IcedTea-Web, OpenJDK 6 vulnerabilities↗2011-07-27

▶

Red Hat

icedtea-web: home directory path disclosure to untrusted applications↗2011-07-20

▶

Debian

CVE-2011-2513: icedtea-web - The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x befo...↗2011

▶

💬Community

Bugzilla

CVE-2011-2513 CVE-2011-2514 icedtea-web: multiple security issues [fedora-15]↗2011-07-20

▶

Bugzilla

CVE-2011-2513 icedtea, icedtea-web: home directory path disclosure to untrusted applications [fedora-14]↗2011-07-20

▶

Bugzilla

CVE-2011-2513 icedtea, icedtea-web: home directory path disclosure to untrusted applications↗2011-07-01

▶