CVE-2011-2514

NameCVE-2011-2514
DescriptionThe Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icedtea-web (PTS)jessie1.5.3-1fixed
buster, sid, stretch1.6.2-3.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
icedtea-websource(unstable)1.1-1medium
openjdk-6source(unstable)6b21~pre1-1medium

Notes

Browser plugin was removed in openjdk-6 6b21~pre1-1.

Search for package or bug name: Reporting problems