CVE-2011-2513

Summary

CVE	CVE-2011-2513
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-05-14 00:55:00 UTC
Updated	2014-06-25 18:09:00 UTC
Description	The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Redhat	Icedtea-web	1.0	All	All	All
Application	Redhat	Icedtea-web	1.0.1	All	All	All
Application	Redhat	Icedtea-web	1.0.2	All	All	All
Application	Redhat	Icedtea-web	1.1	All	All	All
Application	Redhat	Icedtea-web	1.0	All	All	All
Application	Redhat	Icedtea-web	1.0.1	All	All	All
Application	Redhat	Icedtea-web	1.0.2	All	All	All
Application	Redhat	Icedtea-web	1.1	All	All	All
Application	Redhat	Icedtea-web	All	All	All	All
Application	Redhat	Icedtea6	1.8	All	All	All
Application	Redhat	Icedtea6	1.8.1	All	All	All
Application	Redhat	Icedtea6	1.8.2	All	All	All
Application	Redhat	Icedtea6	1.8.3	All	All	All
Application	Redhat	Icedtea6	1.8.4	All	All	All
Application	Redhat	Icedtea6	1.8.5	All	All	All
Application	Redhat	Icedtea6	1.8.6	All	All	All
Application	Redhat	Icedtea6	1.8.7	All	All	All
Application	Redhat	Icedtea6	1.9.1	All	All	All
Application	Redhat	Icedtea6	1.9.2	All	All	All
Application	Redhat	Icedtea6	1.9.3	All	All	All
Application	Redhat	Icedtea6	1.9.4	All	All	All
Application	Redhat	Icedtea6	1.9.5	All	All	All
Application	Redhat	Icedtea6	1.9.6	All	All	All
Application	Redhat	Icedtea6	1.9.7	All	All	All
Application	Redhat	Icedtea6	1.9.8	All	All	All
Application	Redhat	Icedtea6	1.8	All	All	All
Application	Redhat	Icedtea6	1.8.1	All	All	All
Application	Redhat	Icedtea6	1.8.2	All	All	All
Application	Redhat	Icedtea6	1.8.3	All	All	All
Application	Redhat	Icedtea6	1.8.4	All	All	All
Application	Redhat	Icedtea6	1.8.5	All	All	All
Application	Redhat	Icedtea6	1.8.6	All	All	All
Application	Redhat	Icedtea6	1.8.7	All	All	All
Application	Redhat	Icedtea6	1.9.1	All	All	All
Application	Redhat	Icedtea6	1.9.2	All	All	All
Application	Redhat	Icedtea6	1.9.3	All	All	All
Application	Redhat	Icedtea6	1.9.4	All	All	All
Application	Redhat	Icedtea6	1.9.5	All	All	All
Application	Redhat	Icedtea6	1.9.6	All	All	All
Application	Redhat	Icedtea6	1.9.7	All	All	All
Application	Redhat	Icedtea6	1.9.8	All	All	All
Application	Redhat	Icedtea6	All	All	All	All

References

Reference	Source	Link	Tags
IcedTea-Web Bugs Let Remote Users Determine the Home Directory Path and Manipulate the Security Warning Dialog - SecurityTracker	SECTRACK	securitytracker.com
release/icedtea-web-1.0: b29fdd0f4d04	MISC	icedtea.classpath.org
release/icedtea-web-1.1: c7ce6c0e6227	MISC	icedtea.classpath.org
Bug 718164 – CVE-2011-2513 icedtea, icedtea-web: home directory path disclosure to untrusted applications	CONFIRM	bugzilla.redhat.com
IcedTea-Web 1.0.4 and 1.1.1 (security releases) released	MLIST	mail.openjdk.java.net	Patch
access.redhat.com	REDHAT	rhn.redhat.com
USN-1178-1: IcedTea-Web, OpenJDK 6 vulnerabilities \| Ubuntu	UBUNTU	ubuntu.com
[SECURITY] IcedTea6 1.8.9 & 1.9.9 Released!	MLIST	mail.openjdk.java.net	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.