CVE-2011-3377

Related Files

Debian Security Advisory 2420-1

Posted Feb 29, 2012

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2420-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.

tags | advisory, java, vulnerability

systems | linux, debian

advisories | CVE-2011-3377, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507

SHA-256 | fa1b83bdce1c8a57ecb30bfd91b17d3c396d3e17e373a4a5a9bbff32d14720f2

Download | Favorite | View

Ubuntu Security Notice USN-1263-1

Posted Nov 17, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1263-1 - Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. Various other issues were also addressed.

tags | advisory, remote, web

systems | linux, ubuntu

advisories | CVE-2011-3377, CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560

SHA-256 | e680bb4623894a3ca25991e365c4088d66f2764116df9d3747585f7fab459a39

Download | Favorite | View

Mandriva Linux Security Advisory 2011-170

Posted Nov 12, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-170 - Security issues were identified and fixed in openjdk (Icedtea6) and icedtea-web. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

tags | advisory, java, remote, web

systems | linux, mandriva

advisories | CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3544, CVE-2011-3521, CVE-2011-3554, CVE-2011-3389, CVE-2011-3558, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3377

SHA-256 | e2c7f52186f217d479f8d33ec72b7002da0b148f003d9142d6a982774c54a2e1

Download | Favorite | View

Red Hat Security Advisory 2011-1441-01

Posted Nov 9, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1441-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy. All IcedTea-Web users should upgrade to these updated packages, which upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.

tags | advisory, java, web

systems | linux, redhat

advisories | CVE-2011-3377

SHA-256 | e475f500757b9400cbbd2125fc824c4792f4fcdfd60fd5d87492b02b1589069b

Download | Favorite | View