CVE-2011-2513

NameCVE-2011-2513
DescriptionThe Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icedtea-web (PTS)bullseye1.8.4-1fixed
bookworm1.8.8-2fixed
sid, trixie1.8.8-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
icedtea-websource(unstable)1.1.2-1
openjdk-6source(unstable)6b21~pre1-1

Notes

Browser plugin was removed in openjdk-6 6b21~pre1-1.
Search for package or bug name: Reporting problems