CVE-2011-0706
Summary
| CVE | CVE-2011-0706 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-02-19 01:00:03 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Icedtea-web | 1.0 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0 | pre | All | All |
| Application | Redhat | Icedtea-web | 1.0.1 | pre | All | All |
| Application | Sun | Jdk | 1.6.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-2224-1 openjdk-6 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| IcedTea-Web 1.0.1 released! | Deepak’s Blog | af854a3a-2127-422b-91ae-364da2661108 | dbhole.wordpress.com | Patch |
| [SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Bug 677332 – CVE-2011-0706 IcedTea multiple signers privilege escalation | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| Security Advisories | Mandriva Linux | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| [SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| Gentoo Linux Documentation -- IcedTea JDK: Multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| OpenJDK 'IcedTea' Multiple Signers Privilege Escalation Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Fedora update for java-1.6.0-openjdk - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| CVE-2011-0706 - Red Hat Customer Portal | MITRE | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.