Upstream information
Description
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 5 |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | None |
- openSUSE-SU-2011:0829-1, published Mon, 25 Jul 2011 13:08:28 +0200 (CEST)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 12 |
| Patchnames: SUSE Linux Enterprise Desktop 12 GA java-1_7_0-openjdk-plugin |
SUSE Linux Enterprise Desktop 12 SP1 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA java-1_7_0-openjdk-plugin |
SUSE Linux Enterprise Desktop 12 SP2 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA java-1_7_0-openjdk-plugin |
SUSE Linux Enterprise Desktop 12 SP3 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP3 GA java-1_7_0-openjdk-plugin |
SUSE Linux Enterprise Desktop 12 SP4 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP4 GA java-1_7_0-openjdk-plugin |
SUSE Linux Enterprise Workstation Extension 12 |
| Patchnames: SUSE Linux Enterprise Workstation Extension 12 GA java-1_7_0-openjdk-plugin |
SUSE Linux Enterprise Workstation Extension 12 SP1 |
| Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP1 GA java-1_7_0-openjdk-plugin |
SUSE Linux Enterprise Workstation Extension 12 SP2 |
| Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP2 GA java-1_7_0-openjdk-plugin |
SUSE Linux Enterprise Workstation Extension 12 SP3 |
| Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP3 GA java-1_7_0-openjdk-plugin |
SUSE Linux Enterprise Workstation Extension 12 SP4 |
| Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP4 GA java-1_7_0-openjdk-plugin |
SUSE Linux Enterprise Workstation Extension 15 |
| Patchnames: SUSE Linux Enterprise Workstation Extension 15 GA icedtea-web |
openSUSE 11.3 openSUSE 11.4 |
| |
openSUSE 11.4 |
| Patchnames: icedtea-web |
openSUSE Leap 15.0 |
| Patchnames: openSUSE Leap 15.0 GA icedtea-web |
openSUSE Leap 42.1 |
| Patchnames: openSUSE Leap 42.1 GA icedtea-web-javadoc |
openSUSE Leap 42.2 |
| Patchnames: openSUSE Leap 42.2 GA icedtea-web-javadoc |
openSUSE Leap 42.3 |
| Patchnames: openSUSE Leap 42.3 GA icedtea-web-javadoc |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA icedtea-web-javadoc |