Unrated severityNVD Advisory· Published Feb 19, 2011· Updated Apr 29, 2026

CVE-2011-0706

Description

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."

Affected products

Red Hat/Icedtea Web3 versions
cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.1:pre:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0:pre:*:*:*:*:*:*
Sun Corporation/Jdk
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/nvdPatch
secunia.com/advisories/43350nvdVendor Advisory
lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.htmlnvd
security.gentoo.org/glsa/glsa-201406-32.xmlnvd
www.debian.org/security/2011/dsa-2224nvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/bid/46439nvd
bugzilla.redhat.com/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/65534nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000