4.3
CVE-2011-3377
- EPSS 0.97%
- Published 05.02.2014 19:55:28
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Icedtea-web Version1.0
Redhat ≫ Icedtea-web Version1.0.1
Redhat ≫ Icedtea-web Version1.0.2
Redhat ≫ Icedtea-web Version1.0.3
Redhat ≫ Icedtea-web Version1.0.4
Redhat ≫ Icedtea-web Version1.0.5
Redhat ≫ Icedtea-web Version1.1
Redhat ≫ Icedtea-web Version1.1.1
Redhat ≫ Icedtea-web Version1.1.2
Redhat ≫ Icedtea-web Version1.1.3
Canonical ≫ Ubuntu Linux Version10.04 Update- Editionlts
Canonical ≫ Ubuntu Linux Version10.10
Canonical ≫ Ubuntu Linux Version11.04
Canonical ≫ Ubuntu Linux Version11.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.97% | 0.746 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|