CVE-2011-0706

{"id": "CVE-2011-0706", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-02-19T01:00:03.277", "references": [{"url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43350", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2011/dsa-2224", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/46439", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""}, {"lang": "es", "value": "La clase JNLPClassLoader en IcedTea-Web anterior a versi\u00f3n 1.0.1, tal y como es usado en OpenJDK Runtime Environment versi\u00f3n 1.6.0, permite a los atacantes remotos alcanzar privilegios por medio de vectores desconocidos relacionados con varios firmantes y la asignaci\u00f3n de \"an inappropriate security descriptor\u201d."}], "lastModified": "2023-02-13T01:18:26.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A"}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:pre:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81421B64-64A3-4339-80CB-95BBDFB5C894"}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:pre:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12C72453-AFA2-4AD7-B13F-DF01409B0459"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3A4FEC7-A4A0-4B5C-A56C-8F80AE19865E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}