CVE-2011-2513

NameCVE-2011-2513
DescriptionThe Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icedtea-web (PTS)jessie1.5.3-1fixed
buster, sid, stretch1.6.2-3.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
icedtea-websource(unstable)1.1.2-1medium
openjdk-6source(unstable)6b21~pre1-1medium

Notes

Browser plugin was removed in openjdk-6 6b21~pre1-1.

Search for package or bug name: Reporting problems