CVE Vulnerabilities

CVE-2011-3377

Published: Feb 05, 2014 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.

Affected Software

Name Vendor Start Version End Version
Icedtea-web Redhat 1.0 (including) 1.0 (including)
Icedtea-web Redhat 1.0.1 (including) 1.0.1 (including)
Icedtea-web Redhat 1.0.2 (including) 1.0.2 (including)
Icedtea-web Redhat 1.0.3 (including) 1.0.3 (including)
Icedtea-web Redhat 1.0.4 (including) 1.0.4 (including)
Icedtea-web Redhat 1.0.5 (including) 1.0.5 (including)
Icedtea-web Redhat 1.1 (including) 1.1 (including)
Icedtea-web Redhat 1.1.1 (including) 1.1.1 (including)
Icedtea-web Redhat 1.1.2 (including) 1.1.2 (including)
Icedtea-web Redhat 1.1.3 (including) 1.1.3 (including)
Red Hat Enterprise Linux 6 RedHat icedtea-web-0:1.0.6-1.el6_1 *
Icedtea-web Ubuntu natty *
Icedtea-web Ubuntu oneiric *
Openjdk-6 Ubuntu hardy *
Openjdk-6 Ubuntu lucid *
Openjdk-6 Ubuntu maverick *
Openjdk-6b18 Ubuntu lucid *
Openjdk-6b18 Ubuntu maverick *
Sun-java5 Ubuntu hardy *

References