CVE - CVE-2011-0025

CVE-ID
CVE-2011-0025	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=3bd328e4b515 CONFIRM:http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/ DEBIAN:DSA-2224 URL:http://www.debian.org/security/2011/dsa-2224 GENTOO:GLSA-201406-32 URL:http://security.gentoo.org/glsa/glsa-201406-32.xml MANDRIVA:MDVSA-2011:054 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 UBUNTU:USN-1055-1 URL:http://www.ubuntu.com/usn/USN-1055-1 BID:46110 URL:http://www.securityfocus.com/bid/46110 SECUNIA:43135 URL:http://secunia.com/advisories/43135 XF:icedtea-jar-security-bypass(65151) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/65151
Assigning CNA
N/A
Date Entry Created
20101207	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101207)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org