CVE-2011-0025 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-0025 Interim 1 7 2023-12-09T01:52:33Z current 2021-05-30T12:55:33Z 2023-12-09T01:52:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-0025 IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AFWLMCJNXB3BJ4OYKWK57JR4IE35SOBC/#AFWLMCJNXB3BJ4OYKWK57JR4IE35SOBC E-Mail link for SUSE-SR:2011:003 https://www.suse.com/support/security/rating/ SUSE Security Ratings IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source. CVE-2011-0025 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P