Published: 29/04/2013 Updated: 30/10/2018

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

The IcedTea-Web plugin prior to 1.2.3 and 1.3.x prior to 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote malicious users to obtain sensitive information or possibly alter other applets via a crafted applet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat icedtea-web 1.0
redhat icedtea-web 1.0.5
redhat icedtea-web 1.0.6
redhat icedtea-web 1.1.6
redhat icedtea-web 1.1.7
redhat icedtea-web 1.0.1
redhat icedtea-web 1.0.2
redhat icedtea-web 1.1.2
redhat icedtea-web 1.1.3
redhat icedtea-web
redhat icedtea-web 1.3
redhat icedtea-web 1.1
redhat icedtea-web 1.1.1
redhat icedtea-web 1.2
redhat icedtea-web 1.2.1
redhat icedtea-web 1.0.3
redhat icedtea-web 1.0.4
redhat icedtea-web 1.1.4
redhat icedtea-web 1.1.5
redhat icedtea-web 1.3.1
canonical ubuntu linux 12.10
canonical ubuntu linux 12.04
canonical ubuntu linux 11.10
canonical ubuntu linux 10.04
opensuse opensuse 12.2

Synopsis Moderate: icedtea-web security update Type/Severity Security Advisory: Moderate Topic Updated icedtea-web packages that fix two security issues are now availablefor Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerab ...

Two security issues were fixed in IcedTea-Web ...

Due to a regression, IcedTea-Web might not be able to access some sites ...

The IcedTea-Web plugin before 123 and 13x before 132 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet ...

CVE-2013-1926

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect