ID CVE-2013-1927
Summary The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
References
Vulnerable Configurations
  • IcedTea project IcedTea-Web 1.0
    cpe:2.3:a:redhat:icedtea-web:1.0
  • IcedTea project IcedTea-Web 1.0.1
    cpe:2.3:a:redhat:icedtea-web:1.0.1
  • IcedTea project IcedTea-Web 1.0.2
    cpe:2.3:a:redhat:icedtea-web:1.0.2
  • IcedTea project IcedTea-Web 1.0.3
    cpe:2.3:a:redhat:icedtea-web:1.0.3
  • Red Hat IcedTea-Web 1.0.4
    cpe:2.3:a:redhat:icedtea-web:1.0.4
  • Red Hat IcedTea-Web 1.0.5
    cpe:2.3:a:redhat:icedtea-web:1.0.5
  • Red Hat IcedTea-Web 1.0.6
    cpe:2.3:a:redhat:icedtea-web:1.0.6
  • IcedTea project IcedTea-Web 1.1
    cpe:2.3:a:redhat:icedtea-web:1.1
  • Red Hat IcedTea-Web 1.1.1
    cpe:2.3:a:redhat:icedtea-web:1.1.1
  • Red Hat IcedTea-Web 1.1.2
    cpe:2.3:a:redhat:icedtea-web:1.1.2
  • Red Hat IcedTea-Web 1.1.3
    cpe:2.3:a:redhat:icedtea-web:1.1.3
  • Red Hat IcedTea-Web 1.1.4
    cpe:2.3:a:redhat:icedtea-web:1.1.4
  • Red Hat IcedTea-Web 1.1.5
    cpe:2.3:a:redhat:icedtea-web:1.1.5
  • Red Hat IcedTea-Web 1.1.6
    cpe:2.3:a:redhat:icedtea-web:1.1.6
  • Red Hat IcedTea-Web 1.1.7
    cpe:2.3:a:redhat:icedtea-web:1.1.7
  • Red Hat IcedTea-Web 1.2
    cpe:2.3:a:redhat:icedtea-web:1.2
  • Red Hat IcedTea-Web 1.2.1
    cpe:2.3:a:redhat:icedtea-web:1.2.1
  • Red Hat IcedTea-Web 1.2.2
    cpe:2.3:a:redhat:icedtea-web:1.2.2
  • Red Hat IcedTea-Web 1.3
    cpe:2.3:a:redhat:icedtea-web:1.3
  • Red Hat IcedTea-Web 1.3.1
    cpe:2.3:a:redhat:icedtea-web:1.3.1
  • Canonical Ubuntu Linux 10.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts
  • Canonical Ubuntu Linux 11.10
    cpe:2.3:o:canonical:ubuntu_linux:11.10
  • Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts
  • Canonical Ubuntu Linux 12.10
    cpe:2.3:o:canonical:ubuntu_linux:12.10
  • OpenSUSE 12.2
    cpe:2.3:o:opensuse:opensuse:12.2
CVSS
Base: 6.8 (as of 30-04-2013 - 10:33)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-371.NASL
    description - update to 1.3.2 (bnc#815596) - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580: http://www.horaoficial.cl/ loads improperly - Plugin - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch - PR1157: Applets can hang browser after fatal exception - Add icedtea-web-remove-gtk-dep.patch, build icedtea-web without GTK. Plugin now works in both gtk2 and gtk3 based browsers. - limit the provides/obsoletes to architectures, where -plugin package existed and don't pollute shiny new arm with an old garbage - handle the package renaming on arm properly
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 74979
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74979
    title openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0715-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_ICEDTEA-WEB-130419.NASL
    description This update to version 1.3.2 fixes several security updates and common fixes. (bnc#815596) Security Updates - fixed gifar vulnerability. (CVE-2013-1927) - Class-loader incorrectly shared for applets with same relative-path. Common. (CVE-2013-1926) - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. NetX - PR580: http://www.horaoficial.cl/ loads improperly Plugin - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch - PR1157: Applets can hang browser after fatal exception
    last seen 2019-01-16
    modified 2013-10-25
    plugin id 66253
    published 2013-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66253
    title SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7642)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0753.NASL
    description Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926) The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack. (CVE-2013-1927) The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security Response Team. This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 66003
    published 2013-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66003
    title CentOS 6 : icedtea-web (CESA-2013:0753)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1804-1.NASL
    description Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. (CVE-2013-1926) It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. (CVE-2013-1927). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 66032
    published 2013-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66032
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : icedtea-web vulnerabilities (USN-1804-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-372.NASL
    description - update to 1.3.2 (bnc#815596) - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580: http://www.horaoficial.cl/ loads improperly - Plugin - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch - PR1157: Applets can hang browser after fatal exception
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 74980
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74980
    title openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0735-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130417_ICEDTEA_WEB_ON_SL6_X.NASL
    description It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926) The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack. (CVE-2013-1927) This erratum also upgrades IcedTea-Web to version 1.2.3. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-12-31
    plugin id 66017
    published 2013-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66017
    title Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_ICEDTEA-WEB-130517.NASL
    description This update of icedtea-web fixes several bugs and security issues.
    last seen 2018-09-02
    modified 2013-10-25
    plugin id 66741
    published 2013-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66741
    title SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7742)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-373.NASL
    description - update to 1.3.2 (bnc#815596) - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580: http://www.horaoficial.cl/ loads improperly - Plugin - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch - PR1157: Applets can hang browser after fatal exception
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 74981
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74981
    title openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0897-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_ICEDTEA-WEB-130702.NASL
    description This update to IcedTea-Web 1.4 provides the following fixes and enhancements : - Security updates - RH916774: Class-loader incorrectly shared for applets with same relative-path. (CVE-2013-1926) - RH884705: fixed gifar vulnerability. (CVE-2013-1927) - RH840592: Potential read from an uninitialized memory location. (CVE-2012-3422) - RH841345: Incorrect handling of not 0-terminated strings. (CVE-2012-3423) - RH884705: fixed gifar vulnerability. (CVE-2013-1927) - RH916774: Class-loader incorrectly shared for applets with same relative-path. (CVE-2013-1926) - NetX - PR1027: DownloadService is not supported by IcedTea-Web - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run - PR1292: Javaws does not resolve versioned jar names with periods correctly - PR580: http://www.horaoficial.cl/ loads improperly. - Plugin - PR1106: Buffer overflow in plugin table- - PR1166: Embedded JNLP File is not supported in applet tag - PR1217: Add command line arguments for plugins - PR1189: Icedtea-plugin requires code attribute when using jnlp_href - PR1198: JSObject is not passed to JavaScript correctly - PR1260: IcedTea-Web should not rely on GTK - PR1157: Applets can hang browser after fatal exception - PR580: http://www.horaoficial.cl/ loads improperly - PR1260: IcedTea-Web should not rely on GTK - PR1157: Applets can hang browser after fatal exception. - Common - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered - PR955: regression: SweetHome3D fails to run - PR1145: IcedTea-Web can cause ClassCircularityError - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 - PR822: Applets fail to load if jars have different signers - PR1186: System.getProperty('deployment.user.security.trusted.cacerts') is null - PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails - PR1299: WebStart doesn't read socket proxy settings from firefox correctly. - Added cs, de, pl localization - Splash screen for javaws and plugin - Better error reporting for plugin via Error-splash-screen - All IcedTea-Web dialogues are centered to middle of active screen - Download indicator made compact for more than one jar - User can select its own JVM via itw-settings and deploy.properties - Added extended applets security settings and dialogue - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized - Fixed a build failure with older xulrunner - Changed strict openjdk6 dependencies to anything java-openjdk >= 1.6.0.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 68953
    published 2013-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68953
    title SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 7981)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0753.NASL
    description From Red Hat Security Advisory 2013:0753 : Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926) The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack. (CVE-2013-1927) The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security Response Team. This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 68813
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68813
    title Oracle Linux 6 : icedtea-web (ELSA-2013-0753)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1804-2.NASL
    description USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced a regression with the Java Network Launching Protocol (JNLP) when fetching content over SSL under certain configurations, such as when using the community-supported IcedTea 7 browser plugin. This update fixes the problem. We apologize for the inconvenience. Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. (CVE-2013-1926) It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. (CVE-2013-1927). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 66199
    published 2013-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66199
    title Ubuntu 11.10 / 12.04 LTS : icedtea-web regression (USN-1804-2)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0753.NASL
    description Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926) The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack. (CVE-2013-1927) The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security Response Team. This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 66015
    published 2013-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66015
    title RHEL 6 : icedtea-web (RHSA-2013:0753)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-439.NASL
    description Changes in icedtea-web with update to 1.4 (bnc#818768) : - Added cs, de, pl localization - Splash screen for javaws and plugin - Better error reporting for plugin via Error-splash-screen - All IcedTea-Web dialogues are centered to middle of active screen - Download indicator made compact for more than one jar - User can select its own JVM via itw-settings and deploy.properties. - Added extended applets security settings and dialogue - Security updates - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings - NetX - PR1027: DownloadService is not supported by IcedTea-Web - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run - PR1292: Javaws does not resolve versioned jar names with periods correctly - Plugin - PR1106: Buffer overflow in plugin table- - PR1166: Embedded JNLP File is not supported in applet tag - PR1217: Add command line arguments for plugins - PR1189: Icedtea-plugin requires code attribute when using jnlp_href - PR1198: JSObject is not passed to JavaScript correctly - PR1260: IcedTea-Web should not rely on GTK - PR1157: Applets can hang browser after fatal exception - PR580: http://www.horaoficial.cl/ loads improperly - Common - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered - PR955: regression: SweetHome3D fails to run - PR1145: IcedTea-Web can cause ClassCircularityError - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 - PR822: Applets fail to load if jars have different signers - PR1186: System.getProperty('deployment.user.security.trusted.cacerts') is null - PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails - PR1299: WebStart doesn't read socket proxy settings from firefox correctly
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75010
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75010
    title openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0893-1)
redhat via4
advisories
bugzilla
id 916774
title CVE-2013-1926 icedtea-web: class loader sharing for applets with same codebase paths
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment icedtea-web is earlier than 0:1.2.3-2.el6_4
        oval oval:com.redhat.rhsa:tst:20130753005
      • comment icedtea-web is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111100006
    • AND
      • comment icedtea-web-javadoc is earlier than 0:1.2.3-2.el6_4
        oval oval:com.redhat.rhsa:tst:20130753007
      • comment icedtea-web-javadoc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111100008
rhsa
id RHSA-2013:0753
released 2013-04-17
severity Moderate
title RHSA-2013:0753: icedtea-web security update (Moderate)
rpms
  • icedtea-web-0:1.2.3-2.el6_4
  • icedtea-web-javadoc-0:1.2.3-2.el6_4
refmap via4
bid 59286
confirm
mandriva MDVSA-2013:146
misc
mlist [distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!
osvdb 92544
secunia
  • 53109
  • 53117
suse
  • SUSE-SU-2013:0851
  • SUSE-SU-2013:1174
  • openSUSE-SU-2013:0715
  • openSUSE-SU-2013:0735
  • openSUSE-SU-2013:0826
  • openSUSE-SU-2013:0893
  • openSUSE-SU-2013:0897
  • openSUSE-SU-2013:0966
ubuntu USN-1804-1
xf icedtea-cve20131927-sec-bypass(83640)
Last major update 22-08-2013 - 02:51
Published 29-04-2013 - 18:55
Last modified 30-10-2018 - 12:27