CVE-2011-0706
IcedTea-Web - Privilege Escalation via JNLPClassLoader Security Descriptor Assignment
Title source: llmDescription
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
References (11)
Core 11
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46439
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65534
Patch x_refsource_confirm
http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43350
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2224
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=677332
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
Scores
EPSS
0.0155
EPSS Percentile
81.6%
Details
CWE
CWE-264
Status
published
Products (3)
redhat/icedtea-web
1.0 (2 CPE variants)
redhat/icedtea-web
1.0.1 pre
sun/jdk
1.6.0
Published
Feb 19, 2011
Tracked Since
Feb 18, 2026