VDB
CVE-2011-0706
CVE-2011-0706
PUBLISHED
CVSS 7.5 HIGH
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
EPSS 1.55% · 81.8th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
1.55%
81.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | icedtea-web | 1.0, 1.0, 1.0.1 |
| n/a | n/a | n/a |
| sun | jdk | 1.6.0 |
Exploit Intelligence
- FEDORA-2011-1631 (circl)
- GLSA-201406-32 (circl)
- FEDORA-2011-1645 (circl)
- 46439 (circl)
- icedtea-jnlpclassloader-priv-esc(65534) (circl)
- http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/ (circl)
- 43350 (circl)
- DSA-2224 (circl)
- oval:org.mitre.oval:def:14117 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=677332 (circl)
…and 1 more exploits
Timeline
- Feb 18, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- FEDORA-2011-1631 vendor-advisory
- GLSA-201406-32 vendor-advisory
- FEDORA-2011-1645 vendor-advisory
- 46439 vdb
- icedtea-jnlpclassloader-priv-esc(65534) vdb
- http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/ url
- 43350 third-party-advisory
- DSA-2224 vendor-advisory
- oval:org.mitre.oval:def:14117 vdb
- https://bugzilla.redhat.com/show_bug.cgi?id=677332 url
- MDVSA-2011:054 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2011-0706 advisory
- https://access.redhat.com/security/cve/CVE-2011-0706 url
- http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released url