NVD

Id
10029  
Name
CVE-2011-3377  
Description
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2014-02-05  
Modified Date
2014-02-06  
Seq
2011-3377  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
57518 10029 CVE-2011-3377 http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/  View
57519 10029 CVE-2011-3377 openSUSE-SU-2012:0371  View
57520 10029 CVE-2011-3377 RHSA-2011:1441  View
57521 10029 CVE-2011-3377 DSA-2420  View
57522 10029 CVE-2011-3377 50610  View
57523 10029 CVE-2011-3377 USN-1263-1  View
57524 10029 CVE-2011-3377 https://bugzilla.redhat.com/show_bug.cgi?id=742515  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
35025 JVNDB-2011-005267 IcedTea-Web の Web ブラウザプラグインにおける同一生成元ポリシーを回避される脆弱性 IcedTea-Web の Web ブラウザプラグインには、同一生成元ポリシーを回避され、任意のスクリプトを実行される、または意図しないホストに対するネットワーク接続を確立される脆弱性が存在します。 CVE-2011-3377 51284 CVE-2011-3377 10029 4.3 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005267.html 2011-11-08 2014-02-10 View