CVE-2011-0025

IcedTea <1.7.8, <1.8.5, <1.9.5 - Code Injection

Title source: llm
STIX 2.1

Description

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46110
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1055-1
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65151
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2224
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43135
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054

Scores

EPSS 0.0258
EPSS Percentile 83.4%

Details

CWE
CWE-20
Status published
Products (18)
redhat/icedtea 1.7
redhat/icedtea 1.7.1
redhat/icedtea 1.7.2
redhat/icedtea 1.7.3
redhat/icedtea 1.7.4
redhat/icedtea 1.7.5
redhat/icedtea 1.7.6
redhat/icedtea 1.7.7
redhat/icedtea 1.8
redhat/icedtea 1.8.1
... and 8 more
Published Feb 04, 2011
Tracked Since Feb 18, 2026