CVE-2011-0706 — Vulnetix

Try Vulnetix Request Demo

CVE-2011-0706 PUBLISHED CVSS 7.5 HIGH

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."

EPSS 1.55% · 81.3th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

1.55%

81.3th percentile

Affected Products

Vendor	Product	Versions
redhat	icedtea-web	1.0, 1.0, 1.0.1
n/a	n/a	n/a
sun	jdk	1.6.0

Timeline

Feb 18, 2011 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 4, 2023 EPSS Score
Feb 13, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

FEDORA-2011-1631 vendor-advisory
GLSA-201406-32 vendor-advisory
FEDORA-2011-1645 vendor-advisory
46439 vdb
icedtea-jnlpclassloader-priv-esc(65534) vdb
http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/ url
43350 third-party-advisory
DSA-2224 vendor-advisory
oval:org.mitre.oval:def:14117 vdb
https://bugzilla.redhat.com/show_bug.cgi?id=677332 url
MDVSA-2011:054 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2011-0706 advisory
https://access.redhat.com/security/cve/CVE-2011-0706 url
http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released url

Open in Interactive Console →