VYPR
Unrated severityNVD Advisory· Published Feb 4, 2011· Updated Jun 16, 2026

CVE-2011-0025

CVE-2011-0025

Description

IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

19
  • Red Hat/Icedtea18 versions
    cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:redhat:icedtea:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:icedtea:1.9.4:*:*:*:*:*:*:*
  • IcedTea/IcedTea6llm-fuzzy
    Range: <1.7.8, <1.8.5, <1.9.5

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.