fkie_nvd - fkie_cve-2011-0025

fkie_cve-2011-0025

Vulnerability from fkie_nvd

Published

2011-02-04 20:00

Modified

2024-11-21 01:23

Severity ?

Summary

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

References

URL	Tags
secalert@redhat.com	http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/	Patch
secalert@redhat.com	http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515
secalert@redhat.com	http://secunia.com/advisories/43135	Vendor Advisory
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201406-32.xml
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2224
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
secalert@redhat.com	http://www.securityfocus.com/bid/46110
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1055-1
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/65151
af854a3a-2127-422b-91ae-364da2661108	http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43135	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201406-32.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2224
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46110
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1055-1
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/65151

Impacted products

Vendor	Product	Version
redhat	icedtea	1.7
redhat	icedtea	1.7.1
redhat	icedtea	1.7.2
redhat	icedtea	1.7.3
redhat	icedtea	1.7.4
redhat	icedtea	1.7.5
redhat	icedtea	1.7.6
redhat	icedtea	1.7.7
redhat	icedtea	1.8
redhat	icedtea	1.8.1
redhat	icedtea	1.8.2
redhat	icedtea	1.8.3
redhat	icedtea	1.8.4
redhat	icedtea	1.9
redhat	icedtea	1.9.1
redhat	icedtea	1.9.2
redhat	icedtea	1.9.3
redhat	icedtea	1.9.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4833BFF6-1B29-4455-BA90-A11DE1F6D008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD18B06E-F419-4ADE-B6E5-DC364A9FF6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3970CE-8C3C-4F30-8927-1E5A6CD626E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E225339C-A5A8-4D56-A5EC-09814C83E0E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC26C27-DAD1-4DA9-A1DE-E3D5060C3EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "557CEA5C-2B78-4BC2-ABA2-E2272D3765A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "39BB9DB4-AE61-4B74-B0AB-2363A5F4A9F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FAC1F98-711A-4A9D-B81A-5B8180E4A006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D8D8B4-8E82-4D08-9D39-2D94418D06E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3AD9684-D2D7-496B-B77A-2798244CB112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D37313-09D9-4726-B083-1FD83A602DE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFB7FF0-B2D7-43F2-86ED-0DC4966373E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "880A1C3A-9210-4263-9F16-F78C36B7DD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3303605E-F164-4B9F-90E5-55E47C1C568B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C448596-505E-451B-8BC5-73FCB2D11DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39ECCC84-CA5A-44F7-B303-25BED16073B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D454FC4-329C-4C70-BF31-D3F8B6CF85E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D112A9B-C489-49FA-B446-54AEF1F515F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are \"partially signed\" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source."
    },
    {
      "lang": "es",
      "value": "IcedTea v1.7 anterior a v1.7.8, v1.8 anterior a v1.8.5 y v1.9 anterior a v1.9.5 no verifica adecuadamente las firmas de los archivos JAR que (1) est\u00e1n \"parcialmente firmados\" o (2), firmado por varias entidades, lo que permite a atacantes remotos enga\u00f1ar a usuarios ejecutando c\u00f3digo que parece provenir de una fuente de confianza."
    }
  ],
  "id": "CVE-2011-0025",
  "lastModified": "2024-11-21T01:23:08.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-04T20:00:02.447",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43135"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2224"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/46110"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1055-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd328e4b515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1055-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65151"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2011-0025

Vulnerability from cvelistv5

Published

2011-02-04 19:00

Modified

2024-08-06 21:43