IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability
BID:50610
Info
IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability
| Bugtraq ID: | 50610 |
| Class: | Unknown |
| CVE: |
CVE-2011-3377 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 09 2011 12:00AM |
| Updated: | Apr 13 2015 09:24PM |
| Credit: | Deepak Bhole |
| Vulnerable: |
Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Redhat Enterprise Linux Workstation Optional 6 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server Optional 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux HPC Node 6 Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Oracle Enterprise Linux 6 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 IcedTea IcedTea-Web 1.0.4 IcedTea IcedTea-Web 1.0.5 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 |
| Not Vulnerable: |
IcedTea IcedTea-Web 1.1.4 IcedTea IcedTea-Web 1.0.6 |
Discussion
IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability
IcedTea-Web Plugin is prone to a vulnerability that allows attackers to bypass the same-origin policy.
An attacker can exploit this issue to violate the same-origin policy and obtain potentially sensitive information, or to launch other attacks against other sites.
IcedTea-Web Plugin is prone to a vulnerability that allows attackers to bypass the same-origin policy.
An attacker can exploit this issue to violate the same-origin policy and obtain potentially sensitive information, or to launch other attacks against other sites.
Exploit / POC
IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
Mandriva Linux Mandrake 2011 x86_64
Mandriva Linux Mandrake 2011
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5 x86_64
-
Mandriva icedtea-web-1.0.6-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/
MandrakeSoft Enterprise Server 5
-
Mandriva icedtea-web-1.0.6-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2010.1 x86_64
-
Mandriva icedtea-web-1.0.6-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2010.1
-
Mandriva icedtea-web-1.0.6-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011 x86_64
-
Mandriva icedtea-web-1.0.6-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-src-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011
-
Mandriva icedtea-web-1.0.6-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-src-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/
References
IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability
References:
References: