CVE-2011-0025

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/46110
http://www.ubuntu.com/usn/USN-1055-1
http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/	Patch
http://secunia.com/advisories/43135	Vendor Advisory
http://www.debian.org/security/2011/dsa-2224
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/65151
http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:icedtea:1.9.3:::::::*
	cpe:2.3:a:redhat:icedtea:1.8.1:::::::*
	cpe:2.3:a:redhat:icedtea:1.9.4:::::::*
	cpe:2.3:a:redhat:icedtea:1.7.7:::::::*
	cpe:2.3:a:redhat:icedtea:1.7.2:::::::*
	cpe:2.3:a:redhat:icedtea:1.8.3:::::::*
	cpe:2.3:a:redhat:icedtea:1.8:::::::*
	cpe:2.3:a:redhat:icedtea:1.7.3:::::::*
	cpe:2.3:a:redhat:icedtea:1.7.5:::::::*
	cpe:2.3:a:redhat:icedtea:1.8.4:::::::*
	cpe:2.3:a:redhat:icedtea:1.7.4:::::::*
	cpe:2.3:a:redhat:icedtea:1.7.6:::::::*
	cpe:2.3:a:redhat:icedtea:1.8.2:::::::*
	cpe:2.3:a:redhat:icedtea:1.7.1:::::::*
	cpe:2.3:a:redhat:icedtea:1.9.2:::::::*
	cpe:2.3:a:redhat:icedtea:1.9:::::::*
	cpe:2.3:a:redhat:icedtea:1.9.1:::::::*
	cpe:2.3:a:redhat:icedtea:1.7:::::::*

Information

Published : 2011-02-04 12:00

Updated : 2023-02-12 16:15

NVD link : CVE-2011-0025

Mitre link : CVE-2011-0025

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

redhat

icedtea

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/46110", "name": "46110", "tags": [], "refsource": "BID"}, {"url": "http://www.ubuntu.com/usn/USN-1055-1", "name": "USN-1055-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/", "name": "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/43135", "name": "43135", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2011/dsa-2224", "name": "DSA-2224", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "name": "MDVSA-2011:054", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "name": "GLSA-201406-32", "tags": [], "refsource": "GENTOO"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65151", "name": "icedtea-jar-security-bypass(65151)", "tags": [], "refsource": "XF"}, {"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515", "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are \"partially signed\" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-0025", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-02-04T20:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T00:15Z"}