what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2011-3377

Status Candidate

Overview

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.

Related Files

Debian Security Advisory 2420-1
Posted Feb 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2420-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.

tags | advisory, java, vulnerability
systems | linux, debian
advisories | CVE-2011-3377, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
SHA-256 | fa1b83bdce1c8a57ecb30bfd91b17d3c396d3e17e373a4a5a9bbff32d14720f2
Ubuntu Security Notice USN-1263-1
Posted Nov 17, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1263-1 - Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2011-3377, CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560
SHA-256 | e680bb4623894a3ca25991e365c4088d66f2764116df9d3747585f7fab459a39
Mandriva Linux Security Advisory 2011-170
Posted Nov 12, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-170 - Security issues were identified and fixed in openjdk (Icedtea6) and icedtea-web. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

tags | advisory, java, remote, web
systems | linux, mandriva
advisories | CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3544, CVE-2011-3521, CVE-2011-3554, CVE-2011-3389, CVE-2011-3558, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3377
SHA-256 | e2c7f52186f217d479f8d33ec72b7002da0b148f003d9142d6a982774c54a2e1
Red Hat Security Advisory 2011-1441-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1441-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy. All IcedTea-Web users should upgrade to these updated packages, which upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-3377
SHA-256 | e475f500757b9400cbbd2125fc824c4792f4fcdfd60fd5d87492b02b1589069b
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close