Bug 718170 (CVE-2011-2514) - CVE-2011-2514 icedtea-web: Java Web Start security warning dialog manipulation
Summary: CVE-2011-2514 icedtea-web: Java Web Start security warning dialog manipulation
Alias: CVE-2011-2514
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 718180 718181 723556
Blocks: 717859
TreeView+ depends on / blocked
Reported: 2011-07-01 09:16 UTC by Tomas Hoger
Modified: 2019-09-29 12:45 UTC (History)
6 users (show)

Fixed In Version: icedtea-web 1.0.4, icedtea-web 1.1.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-07-27 15:06:24 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1100 0 normal SHIPPED_LIVE Moderate: icedtea-web security update 2011-07-27 14:52:37 UTC

Description Tomas Hoger 2011-07-01 09:16:31 UTC
Omair Majid discovered a flaw in the JNLP (Java Network Launching Protocol) implementation used in IcedTea-web. An unsigned Java Web Start application could use this flaw to manipulate content of the Security Warning dialog to show different file name than the one access to which was requested by the applications. This could confuse user to grant unintended access to local files.

Note: This issue does not affect JNLP implementation as currently used in IcedTea, as it contains older version of the code that does not include file name in the access request prompt. Instead the prompt says "The application has requested (read|write) access to a file on the machine. Do you want to allow this action?", which does not allow user to determine which file the application requests access to.

Comment 5 errata-xmlrpc 2011-07-27 14:52:43 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1100 https://rhn.redhat.com/errata/RHSA-2011-1100.html

Comment 6 Tomas Hoger 2011-07-27 15:06:24 UTC
Also fixed in Fedora FEDORA-2011-9541.

Note You need to log in before you can comment on or make changes to this bug.