CVE-2011-3377
Summary
| CVE | CVE-2011-3377 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-02-05 19:55:00 UTC |
| Updated | 2018-10-30 16:27:00 UTC |
| Description | The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 10.04 | - | lts | All |
| Operating System | Canonical | Ubuntu Linux | 10.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 11.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 11.10 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.1 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.1 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.2 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.3 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.4 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.5 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1.1 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1.2 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-2420-1 openjdk-6 | DEBIAN | www.debian.org | |
| 76940 | OSVDB | www.osvdb.org | |
| openSUSE-SU-2012:0371-1: moderate: update for icedtea-web | SUSE | lists.opensuse.org | |
| Bug 742515 – CVE-2011-3377 IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass | MISC | bugzilla.redhat.com | |
| access.redhat.com | REDHAT | rhn.redhat.com | |
| IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability | BID | www.securityfocus.com | |
| IcedTea-Web 1.0.6 and 1.1.4 (security releases) released \| Deepak’s Blog | CONFIRM | dbhole.wordpress.com | Patch, Vendor Advisory |
| USN-1263-1: IcedTea-Web, OpenJDK 6 vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.