AVG-1017

Package icedtea-web
Status Vulnerable
Severity High
Type multiple issues
Affected 1.7-1
Fixed Unknown
Current 1.7-1 [extra]
Ticket Create
Created Fri Aug 2 13:45:31 2019
Issue Severity Remote Type Description
CVE-2019-10185 High Yes Directory traversal
It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to...
CVE-2019-10182 High Yes Directory traversal
It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially...
CVE-2019-10181 High Yes Insufficient validation
It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject...