CVE-2011-2513

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04
http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html	Vendor Advisory
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html	Patch
http://rhn.redhat.com/errata/RHSA-2011-1100.html
http://securitytracker.com/id?1025854
http://ubuntu.com/usn/usn-1178-1
https://bugzilla.redhat.com/show_bug.cgi?id=718164
http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04
http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html	Vendor Advisory
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html	Patch
http://rhn.redhat.com/errata/RHSA-2011-1100.html
http://securitytracker.com/id?1025854
http://ubuntu.com/usn/usn-1178-1
https://bugzilla.redhat.com/show_bug.cgi?id=718164

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:icedtea-web::::::::
	cpe:2.3:a:redhat:icedtea-web:1.0:::::::*
	cpe:2.3:a:redhat:icedtea-web:1.0.1:::::::*
	cpe:2.3:a:redhat:icedtea-web:1.0.2:::::::*
	cpe:2.3:a:redhat:icedtea-web:1.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:icedtea6::::::::
	cpe:2.3:a:redhat:icedtea6:1.8:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.1:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.2:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.3:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.4:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.5:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.6:::::::*
	cpe:2.3:a:redhat:icedtea6:1.8.7:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.1:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.2:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.3:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.4:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.5:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.6:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.7:::::::*
	cpe:2.3:a:redhat:icedtea6:1.9.8:::::::*

History

21 Nov 2024, 01:28

Type	Values Removed	Values Added
References	~~() http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04 -~~	() http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04 -
References	~~() http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227 -~~	() http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227 -
References	~~() http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html - Vendor Advisory~~	() http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html - Vendor Advisory
References	~~() http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html - Patch~~	() http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html - Patch
References	~~() http://rhn.redhat.com/errata/RHSA-2011-1100.html -~~	() http://rhn.redhat.com/errata/RHSA-2011-1100.html -
References	~~() http://securitytracker.com/id?1025854 -~~	() http://securitytracker.com/id?1025854 -
References	~~() http://ubuntu.com/usn/usn-1178-1 -~~	() http://ubuntu.com/usn/usn-1178-1 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=718164 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=718164 -

Information

Published : 2014-05-14 00:55

Updated : 2025-04-12 10:46

NVD link : CVE-2011-2513

Mitre link : CVE-2011-2513

CVE.ORG link : CVE-2011-2513

JSON object : View

Products Affected

redhat

icedtea-web
icedtea6

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2011-2513", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-14T00:55:04.383", "references": [{"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04", "source": "secalert@redhat.com"}, {"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227", "source": "secalert@redhat.com"}, {"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html", "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1025854", "source": "secalert@redhat.com"}, {"url": "http://ubuntu.com/usn/usn-1178-1", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164", "source": "secalert@redhat.com"}, {"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1025854", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://ubuntu.com/usn/usn-1178-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader."}, {"lang": "es", "value": "La implementaci\u00f3n Java Network Launching Protocol (JNLP) en IcedTea6 1.9.x anterior a 1.9.9 y anterior a 1.8.9 y IcedTea-Web 1.1.x anterior a 1.1.1 y anterior a 1.0.4, permite a atacantes remotos obtener el nombre de usuario y ruta completa de los directorios de home y cach\u00e9 al acceder a propiedades del ClassLoader."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0AAB67E-694C-4742-9597-E2DFBD78CE99", "versionEndIncluding": "1.0.3"}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A"}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6B24564-AA45-4A26-BB3D-8C9B8DF8EBD2"}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0882F9F6-0C78-472E-82B2-0DCD3909EBAF"}, {"criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F6E633C-EFF2-45E0-A406-9E44CA31B346", "versionEndIncluding": "1.8.8"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB7DC2DA-216C-4A82-92AF-13F6AAA40BA0"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB74C024-F874-497B-9639-0B445F4E2E45"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4A71A24-1102-4959-ADBD-2847A58F396F"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3A7D423-B883-4533-B1E6-F8A9DE6CD7F5"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5E6C436-3EA7-43AF-B3A2-18CF85D19C83"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A7A83AA-16D8-4B8F-8E97-BAA4C1391180"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D315C62C-C17B-4D0B-A899-B9A6C7E625C0"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B8A2C7F-16C7-48D0-AE1B-4888D7AFCEF1"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18C4F4DD-08B3-4B0D-BBD7-4192194BD305"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "154BA32F-A747-4C84-8E8B-6D0D41310754"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E08851A2-465E-43EC-B28B-2A740207ABC7"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6977AFED-2DA4-43C0-8721-9A2F3D16B353"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D00AA688-C5CE-4664-AF62-9ADB9BC0BF52"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98934B23-304B-4B8E-B55E-71A711F066AA"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76B0B4EC-CD60-4042-B23A-0AAF9969AD6E"}, {"criteria": "cpe:2.3:a:redhat:icedtea6:1.9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD3F4CAF-63D5-44DF-B4ED-71C3CF49F91C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

5.0 /10