{"api_version":"1","generated_at":"2026-04-23T11:32:24+00:00","cve":"CVE-2011-0706","urls":{"html":"https://cve.report/CVE-2011-0706","api":"https://cve.report/api/cve/CVE-2011-0706.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-0706","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-0706"},"summary":{"title":"CVE-2011-0706","description":"The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\"","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2011-02-19 01:00:00","updated_at":"2023-02-13 01:18:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/43350","name":"43350","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Fedora update for java-1.6.0-openjdk - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117","name":"oval:org.mitre.oval:def:14117","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html","name":"FEDORA-2011-1631","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/","name":"http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/","refsource":"CONFIRM","tags":["Patch"],"title":"IcedTea-Web 1.0.1 released! | Deepak’s Blog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html","name":"FEDORA-2011-1645","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:054","name":"MDVSA-2011:054","refsource":"MANDRIVA","tags":[],"title":"Security Advisories | Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65534","name":"icedtea-jnlpclassloader-priv-esc(65534)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-201406-32.xml","name":"GLSA-201406-32","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  IcedTea JDK: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2011/dsa-2224","name":"DSA-2224","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-2224-1 openjdk-6","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/46439","name":"46439","refsource":"BID","tags":[],"title":"OpenJDK 'IcedTea' Multiple Signers Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2011-0706","name":"https://access.redhat.com/security/cve/CVE-2011-0706","refsource":"MISC","tags":[],"title":"CVE-2011-0706 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=677332","name":"https://bugzilla.redhat.com/show_bug.cgi?id=677332","refsource":"MISC","tags":[],"title":"Bug 677332 – CVE-2011-0706 IcedTea multiple signers privilege escalation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-0706","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0706","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"706","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"icedtea-web","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"706","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"icedtea-web","cpe6":"1.0","cpe7":"pre","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"706","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"icedtea-web","cpe6":"1.0.1","cpe7":"pre","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"706","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"icedtea-web","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"706","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"icedtea-web","cpe6":"1.0","cpe7":"pre","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"706","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"icedtea-web","cpe6":"1.0.1","cpe7":"pre","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"706","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jdk","cpe6":"1.6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"706","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"jdk","cpe6":"1.6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2011-0706","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://security.gentoo.org/glsa/glsa-201406-32.xml","refsource":"MISC","name":"http://security.gentoo.org/glsa/glsa-201406-32.xml"},{"url":"http://www.debian.org/security/2011/dsa-2224","refsource":"MISC","name":"http://www.debian.org/security/2011/dsa-2224"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:054","refsource":"MISC","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"},{"url":"http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/","refsource":"MISC","name":"http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html","refsource":"MISC","name":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html","refsource":"MISC","name":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"},{"url":"http://secunia.com/advisories/43350","refsource":"MISC","name":"http://secunia.com/advisories/43350"},{"url":"http://www.securityfocus.com/bid/46439","refsource":"MISC","name":"http://www.securityfocus.com/bid/46439"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65534","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117","refsource":"MISC","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=677332","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=677332"}]}},"nvd":{"publishedDate":"2011-02-19 01:00:00","lastModifiedDate":"2023-02-13 01:18:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:icedtea-web:1.0:pre:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:icedtea-web:1.0.1:pre:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"706","Ordinal":"47774","Title":"CVE-2011-0706","CVE":"CVE-2011-0706","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"706","Ordinal":"1","NoteData":"The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\"","Type":"Description","Title":null},{"CveYear":"2011","CveId":"706","Ordinal":"2","NoteData":"2011-02-18","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"706","Ordinal":"3","NoteData":"2017-09-18","Type":"Other","Title":"Modified"}]}}}