4.3

CVE-2011-3377

EPSS 0.97%
Veröffentlicht 05.02.2014 19:55:28
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Icedtea-web Version1.0

Redhat ≫ Icedtea-web Version1.0.1

Redhat ≫ Icedtea-web Version1.0.2

Redhat ≫ Icedtea-web Version1.0.3

Redhat ≫ Icedtea-web Version1.0.4

Redhat ≫ Icedtea-web Version1.0.5

Redhat ≫ Icedtea-web Version1.1

Redhat ≫ Icedtea-web Version1.1.1

Redhat ≫ Icedtea-web Version1.1.2

Redhat ≫ Icedtea-web Version1.1.3

Canonical ≫ Ubuntu Linux Version10.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version10.10

Canonical ≫ Ubuntu Linux Version11.04

Canonical ≫ Ubuntu Linux Version11.10

Opensuse ≫ Opensuse Version12.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.97%	0.746

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://www.ubuntu.com/usn/USN-1263-1

http://www.debian.org/security/2012/dsa-2420

http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/

Patch

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html

http://rhn.redhat.com/errata/RHSA-2011-1441.html

http://www.osvdb.org/76940

http://www.securityfocus.com/bid/50610

https://bugzilla.redhat.com/show_bug.cgi?id=742515

https://nvd.nist.gov/vuln/detail/CVE-2011-3377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-3377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-3377

EUVD