CVE-2011-2513

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227
http://ubuntu.com/usn/usn-1178-1
http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04
http://securitytracker.com/id?1025854
https://bugzilla.redhat.com/show_bug.cgi?id=718164
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html	Patch
http://rhn.redhat.com/errata/RHSA-2011-1100.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:icedtea-web:1.1:::::::*
	cpe:2.3:a:redhat:icedtea-web::::::::
	cpe:2.3:a:redhat:icedtea-web:1.0.2:::::::*
	cpe:2.3:a:redhat:icedtea-web:1.0.1:::::::*
	cpe:2.3:a:redhat:icedtea-web:1.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:icedtea6:1.8.5:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.4:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.3:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.2:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.4:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.5:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.6:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.7:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.1:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.3:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.8:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.2:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.1:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.6:::::::*
	cpe:2.3:a:redhat:icedtea6::::::::
	cpe:2.3:a:redhat:icedtea6:1.8.7:::::::*

Information

Published : 2014-05-13 17:55

Updated : 2014-06-25 11:09

NVD link : CVE-2011-2513

Mitre link : CVE-2011-2513

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

redhat

icedtea-web
icedtea6

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227", "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227", "tags": [], "refsource": "MISC"}, {"url": "http://ubuntu.com/usn/usn-1178-1", "name": "USN-1178-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04", "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04", "tags": [], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1025854", "name": "1025854", "tags": [], "refsource": "SECTRACK"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=718164", "tags": [], "refsource": "CONFIRM"}, {"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html", "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html", "name": "RHSA-2011:1100", "tags": [], "refsource": "REDHAT"}, {"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html", "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 & 1.9.9 Released!", "tags": ["Vendor Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-2513", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-05-14T00:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0.3"}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.8.8"}, {"cpe23Uri": "cpe:2.3:a:redhat:icedtea6:1.8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-06-25T18:09Z"}

5.0 /10