Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870699
Category:Red Hat Local Security Checks
Title:RedHat Update for icedtea-web RHSA-2011:1100-01
Summary:The remote host is missing an update for the 'icedtea-web'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'icedtea-web'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project. It
also contains a configuration tool for managing deployment settings for the
plug-in and Web Start implementations.

A flaw was discovered in the JNLP (Java Network Launching Protocol)
implementation in IcedTea-Web. An unsigned Java Web Start application
could use this flaw to manipulate the content of a Security Warning
dialog box, to trick a user into granting the application unintended access
permissions to local files. (CVE-2011-2514)

An information disclosure flaw was discovered in the JNLP implementation in
IcedTea-Web. An unsigned Java Web Start application or Java applet could
use this flaw to determine the path to the cache directory used to store
downloaded Java class and archive files, and therefore determine the user's
login name. (CVE-2011-2513)

All icedtea-web users should upgrade to these updated packages, which
contain backported patches to correct these issues.

Affected Software/OS:
icedtea-web on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-2513
http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04
http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html
RedHat Security Advisories: RHSA-2011:1100
http://rhn.redhat.com/errata/RHSA-2011-1100.html
http://securitytracker.com/id?1025854
http://ubuntu.com/usn/usn-1178-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-2514
http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0
http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.