CVE-2011-2514

Summary

CVE	CVE-2011-2514
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-05-14 00:55:00 UTC
Updated	2014-06-25 18:10:00 UTC
Description	The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

Risk And Classification

Problem Types: CWE-264

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Redhat	Icedtea-web	1.0	All	All	All
Application	Redhat	Icedtea-web	1.0.1	All	All	All
Application	Redhat	Icedtea-web	1.0.2	All	All	All
Application	Redhat	Icedtea-web	1.1	All	All	All
Application	Redhat	Icedtea-web	1.0	All	All	All
Application	Redhat	Icedtea-web	1.0.1	All	All	All
Application	Redhat	Icedtea-web	1.0.2	All	All	All
Application	Redhat	Icedtea-web	1.1	All	All	All
Application	Redhat	Icedtea-web	All	All	All	All
Application	Redhat	Icedtea6	1.8	All	All	All
Application	Redhat	Icedtea6	1.8.1	All	All	All
Application	Redhat	Icedtea6	1.8.2	All	All	All
Application	Redhat	Icedtea6	1.8.3	All	All	All
Application	Redhat	Icedtea6	1.8.4	All	All	All
Application	Redhat	Icedtea6	1.8.5	All	All	All
Application	Redhat	Icedtea6	1.8.6	All	All	All
Application	Redhat	Icedtea6	1.8.7	All	All	All
Application	Redhat	Icedtea6	1.9.1	All	All	All
Application	Redhat	Icedtea6	1.9.2	All	All	All
Application	Redhat	Icedtea6	1.9.3	All	All	All
Application	Redhat	Icedtea6	1.9.4	All	All	All
Application	Redhat	Icedtea6	1.9.5	All	All	All
Application	Redhat	Icedtea6	1.9.6	All	All	All
Application	Redhat	Icedtea6	1.9.7	All	All	All
Application	Redhat	Icedtea6	1.9.8	All	All	All
Application	Redhat	Icedtea6	1.8	All	All	All
Application	Redhat	Icedtea6	1.8.1	All	All	All
Application	Redhat	Icedtea6	1.8.2	All	All	All
Application	Redhat	Icedtea6	1.8.3	All	All	All
Application	Redhat	Icedtea6	1.8.4	All	All	All
Application	Redhat	Icedtea6	1.8.5	All	All	All
Application	Redhat	Icedtea6	1.8.6	All	All	All
Application	Redhat	Icedtea6	1.8.7	All	All	All
Application	Redhat	Icedtea6	1.9.1	All	All	All
Application	Redhat	Icedtea6	1.9.2	All	All	All
Application	Redhat	Icedtea6	1.9.3	All	All	All
Application	Redhat	Icedtea6	1.9.4	All	All	All
Application	Redhat	Icedtea6	1.9.5	All	All	All
Application	Redhat	Icedtea6	1.9.6	All	All	All
Application	Redhat	Icedtea6	1.9.7	All	All	All
Application	Redhat	Icedtea6	1.9.8	All	All	All
Application	Redhat	Icedtea6	All	All	All	All

References

Reference	Source	Link	Tags
IcedTea-Web Bugs Let Remote Users Determine the Home Directory Path and Manipulate the Security Warning Dialog - SecurityTracker	SECTRACK	securitytracker.com
IcedTea-Web 1.0.4 and 1.1.1 (security releases) released	MLIST	mail.openjdk.java.net	Patch, Vendor Advisory
release/icedtea-web-1.1: 512de5d90388	MISC	icedtea.classpath.org
release/icedtea-web-1.0: b99f9a9769e0	MISC	icedtea.classpath.org
access.redhat.com	REDHAT	rhn.redhat.com
USN-1178-1: IcedTea-Web, OpenJDK 6 vulnerabilities \| Ubuntu	UBUNTU	ubuntu.com	Patch
Bug 718170 – CVE-2011-2514 icedtea-web: Java Web Start security warning dialog manipulation	CONFIRM	bugzilla.redhat.com
[SECURITY] IcedTea6 1.8.9 & 1.9.9 Released!	MLIST	mail.openjdk.java.net
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.