CVE-2011-2514
Summary
| CVE | CVE-2011-2514 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-05-14 00:55:04 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Icedtea-web | 1.0 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.1 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.2 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1 | All | All | All |
| Application | Redhat | Icedtea-web | All | All | All | All |
| Application | Redhat | Icedtea6 | 1.8 | All | All | All |
| Application | Redhat | Icedtea6 | 1.8.1 | All | All | All |
| Application | Redhat | Icedtea6 | 1.8.2 | All | All | All |
| Application | Redhat | Icedtea6 | 1.8.3 | All | All | All |
| Application | Redhat | Icedtea6 | 1.8.4 | All | All | All |
| Application | Redhat | Icedtea6 | 1.8.5 | All | All | All |
| Application | Redhat | Icedtea6 | 1.8.6 | All | All | All |
| Application | Redhat | Icedtea6 | 1.8.7 | All | All | All |
| Application | Redhat | Icedtea6 | 1.9.1 | All | All | All |
| Application | Redhat | Icedtea6 | 1.9.2 | All | All | All |
| Application | Redhat | Icedtea6 | 1.9.3 | All | All | All |
| Application | Redhat | Icedtea6 | 1.9.4 | All | All | All |
| Application | Redhat | Icedtea6 | 1.9.5 | All | All | All |
| Application | Redhat | Icedtea6 | 1.9.6 | All | All | All |
| Application | Redhat | Icedtea6 | 1.9.7 | All | All | All |
| Application | Redhat | Icedtea6 | 1.9.8 | All | All | All |
| Application | Redhat | Icedtea6 | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| access.redhat.com | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| release/icedtea-web-1.1: 512de5d90388 | af854a3a-2127-422b-91ae-364da2661108 | icedtea.classpath.org | |
| IcedTea-Web Bugs Let Remote Users Determine the Home Directory Path and Manipulate the Security Warning Dialog - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| IcedTea-Web 1.0.4 and 1.1.1 (security releases) released | af854a3a-2127-422b-91ae-364da2661108 | mail.openjdk.java.net | Patch, Vendor Advisory |
| release/icedtea-web-1.0: b99f9a9769e0 | af854a3a-2127-422b-91ae-364da2661108 | icedtea.classpath.org | |
| USN-1178-1: IcedTea-Web, OpenJDK 6 vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | ubuntu.com | Patch |
| [SECURITY] IcedTea6 1.8.9 & 1.9.9 Released! | af854a3a-2127-422b-91ae-364da2661108 | mail.openjdk.java.net | |
| Bug 718170 – CVE-2011-2514 icedtea-web: Java Web Start security warning dialog manipulation | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.