Vulnerability Description
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Icedtea | 1.7 |
Related Weaknesses (CWE)
References
- http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-relePatch
- http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd
- http://secunia.com/advisories/43135Vendor Advisory
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.debian.org/security/2011/dsa-2224
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
- http://www.securityfocus.com/bid/46110
- http://www.ubuntu.com/usn/USN-1055-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65151
- http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-relePatch
- http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset%3Bnode=3bd
- http://secunia.com/advisories/43135Vendor Advisory
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.debian.org/security/2011/dsa-2224
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
FAQ
What is CVE-2011-0025?
CVE-2011-0025 is a vulnerability with a CVSS score of 6.8 (MEDIUM). IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remo...
How severe is CVE-2011-0025?
CVE-2011-0025 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0025?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Icedtea.