Back to search
CVE-2010-4351
Published: Jan 20, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-1055-1
vendor-advisory
x_refsource_UBUNTU
GLSA-201406-32
vendor-advisory
x_refsource_GENTOO
FEDORA-2011-0521
vendor-advisory
x_refsource_FEDORA
45894
vdb-entry
x_refsource_BID
43085
third-party-advisory
x_refsource_SECUNIA
USN-1052-1
vendor-advisory
x_refsource_UBUNTU
ADV-2011-0215
vdb-entry
x_refsource_VUPEN
70605
vdb-entry
x_refsource_OSVDB
ADV-2011-0239
vdb-entry
x_refsource_VUPEN
http://www.zerodayinitiative.com/advisories/ZDI-11-014/
x_refsource_MISC
FEDORA-2011-0500
vendor-advisory
x_refsource_FEDORA
43002
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0165
vdb-entry
x_refsource_VUPEN
43078
third-party-advisory
x_refsource_SECUNIA
DSA-2224
vendor-advisory
x_refsource_DEBIAN
43135
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0166
vdb-entry
x_refsource_VUPEN
icedtea-jnlp-code-execution(64893)
vdb-entry
x_refsource_XF
https://bugzilla.redhat.com/show_bug.cgi?id=663680
x_refsource_CONFIRM
MDVSA-2011:054
vendor-advisory
x_refsource_MANDRIVA
RHSA-2011:0176
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now