VDB
CVE-2011-0025
CVE-2011-0025
PUBLISHED
CVSS 6.800000190734863 MEDIUM
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
EPSS 1.54% · 81.7th percentile
Risk Scores
CVSS v2.0
6.800000190734863
EPSS Score
1.54%
81.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| redhat | icedtea | 1.7, 1.7.3, 1.7.4 |
Timeline
- Feb 4, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- 46110 vdb
- USN-1055-1 vendor-advisory
- GLSA-201406-32 vendor-advisory
- icedtea-jar-security-bypass(65151) vdb
- DSA-2224 vendor-advisory
- 43135 third-party-advisory
- http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515 url
- http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/ url
- MDVSA-2011:054 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2011-0025 advisory
- https://access.redhat.com/security/cve/CVE-2011-0025 url
- https://bugzilla.redhat.com/show_bug.cgi?id=672262 url
- http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released url
- http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=3bd328e4b515 url