CVE-2011-0025 in IcedTeainfo

Summary

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

12/07/2010

Disclosure

02/04/2011

Moderation

VulDB entry created

Entries

VDB-56352 (1)

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

7.3

EPSS

0.01540

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-0025
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0025
CVE Details	https://www.cvedetails.com/cve/CVE-2011-0025/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!