Executive Summary

Informations
Name CVE-2011-0706 First vendor Publication 2011-02-18
Vendor Cve Last vendor Modification 2017-09-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0706

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13043
 
Oval ID: oval:org.mitre.oval:def:13043
Title: DSA-2224-1 openjdk-6 -- several
Description: Several security vulnerabilities were discovered in OpenJDK, an implementation of the Java platform. CVE-2010-4351 The JNLP SecurityManager returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. CVE-2010-4448 Malicious applets can perform DNS cache poisoning. CVE-2010-4450 An empty LD_LIBRARY_PATH environment variable results in a misconstructed library search path, resulting in code execution from possibly untrusted sources. CVE-2010-4465 Malicious applets can extend their privileges by abusing Swing timers. CVE-2010-4469 The Hotspot just-in-time compiler miscompiles crafted byte sequences, resulting in heap corruption. CVE-2010-4470 JAXP can be exploited by untrusted code to elevate privileges. CVE-2010-4471 Java2D can be exploited by untrusted code to elevate privileges. CVE-2010-4472 Untrusted code can replace the XML DSIG implementation. CVE-2011-0025 Signatures on JAR files are not properly verified, which allows remote attackers to trick users into executing code that appears to come from a trusted source. CVE-2011-0706 The JNLPClassLoader class allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor In addition, this security update contains stability fixes, such as switching to the recommended Hotspot version for this particular version of OpenJDK.
Family: unix Class: patch
Reference(s): DSA-2224-1
CVE-2010-4351
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2011-0025
CVE-2011-0706
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13241
 
Oval ID: oval:org.mitre.oval:def:13241
Title: USN-1079-1 -- openjdk-6 vulnerabilities
Description: It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor
Family: unix Class: patch
Reference(s): USN-1079-1
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4476
CVE-2011-0706
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13407
 
Oval ID: oval:org.mitre.oval:def:13407
Title: USN-1079-3 -- openjdk-6b18 vulnerabilities
Description: USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel architectures for Ubuntu 10.10. Original advisory details: It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor
Family: unix Class: patch
Reference(s): USN-1079-3
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4476
CVE-2011-0706
Version: 5
Platform(s): Ubuntu 10.10
Product(s): openjdk-6b18
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13733
 
Oval ID: oval:org.mitre.oval:def:13733
Title: USN-1079-2 -- openjdk-6b18 vulnerabilities
Description: USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel architectures. In order to build the armel OpenJDK 6 update for Ubuntu 10.04 LTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu 10.04 LTS updates. Original advisory details: It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor
Family: unix Class: patch
Reference(s): USN-1079-2
CVE-2010-4448
CVE-2010-4450
CVE-2010-4465
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4476
CVE-2011-0706
Version: 5
Platform(s): Ubuntu 9.10
Ubuntu 10.04
Product(s): openjdk-6b18
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14117
 
Oval ID: oval:org.mitre.oval:def:14117
Title: The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
Description: The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0706
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 1

OpenVAS Exploits

Date Description
2011-10-21 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638
File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl
2011-08-12 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523
File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl
2011-06-20 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003
File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl
2011-06-20 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020
File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl
2011-05-12 Name : Debian Security Advisory DSA 2224-1 (openjdk-6)
File : nvt/deb_2224_1.nasl
2011-04-01 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2011_054.nasl
2011-03-07 Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1
File : nvt/gb_ubuntu_USN_1079_1.nasl
2011-02-18 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631
File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl
2011-02-18 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645
File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
73765 OpenJDK Runtime Environment IcedTea-Web JNLPClassLoader Multiple Signer Remot...

Nessus® Vulnerability Scanner

Date Description
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO
2011-04-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2224.nasl - Type : ACT_GATHER_INFO
2011-03-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO
2011-02-17 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1631.nasl - Type : ACT_GATHER_INFO
2011-02-17 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1645.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/46439
CONFIRM http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/
DEBIAN http://www.debian.org/security/2011/dsa-2224
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2011-February/05411...
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/05413...
GENTOO http://security.gentoo.org/glsa/glsa-201406-32.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
MISC https://bugzilla.redhat.com/show_bug.cgi?id=677332
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECUNIA http://secunia.com/advisories/43350
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/65534

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2020-05-23 00:27:47
  • Multiple Updates
2019-07-31 12:03:47
  • Multiple Updates
2017-09-19 09:24:13
  • Multiple Updates
2017-08-17 09:23:18
  • Multiple Updates
2016-04-26 20:32:46
  • Multiple Updates
2014-10-04 09:25:07
  • Multiple Updates
2014-07-01 13:24:54
  • Multiple Updates
2014-06-14 13:30:19
  • Multiple Updates
2014-02-17 11:00:28
  • Multiple Updates
2013-05-10 22:54:34
  • Multiple Updates