MEDIUM · 6.8

CVE-2011-2514


Vulnerability Description

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.

CVSS Score

6.8

MEDIUM

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
Redhat | Icedtea-Web | <= 1.0.3
Redhat | Icedtea6 | <= 1.8.8

Related Weaknesses (CWE)

References

FAQ

What is CVE-2011-2514?

CVE-2011-2514 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims...

How severe is CVE-2011-2514?

CVE-2011-2514 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2011-2514?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Icedtea-Web, Redhat Icedtea6.