CVE-2011-2514

CWE-264 | 10 documents | 9 sources
Severity
6.8 MEDIUM
EPSS
0.9%
top 24.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 14
Latest update: May 17

Description

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

NVD: redhat/icedtea6 1.8.8+16
Debian: icedtea-web < 1.1-1+3
NVD: redhat/icedtea-web 1.0.3+4

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-mfx6-3x7c-57wf: The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1 (2022-05-17)
OSV
CVE-2011-2514: The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1 (2014-05-14)
CVEList
CVE-2011-2514: The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1 (2014-05-14)

💥 Exploits & PoCs

1
Exploit-DB
SAP NetWeaver Dispatcher - Multiple Vulnerabilities (2012-05-09)

📋 Vendor Advisories

3
Ubuntu
IcedTea-Web, OpenJDK 6 vulnerabilities (2011-07-27)
Red Hat
icedtea-web: Java Web Start security warning dialog manipulation (2011-07-20)
Debian
CVE-2011-2514: icedtea-web - The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x befo... (2011)

💬 Community

2
Bugzilla
CVE-2011-2513 CVE-2011-2514 icedtea-web: multiple security issues [fedora-15] (2011-07-20)
Bugzilla
CVE-2011-2514 icedtea-web: Java Web Start security warning dialog manipulation (2011-07-01)