ID CVE-2013-1926
Summary The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
Per http://www.ubuntu.com/usn/USN-1804-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS"
Per http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html "Affected Products: openSUSE 12.2"
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea-web:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2013:0753
rpms
  • icedtea-web-0:1.2.3-2.el6_4
  • icedtea-web-debuginfo-0:1.2.3-2.el6_4
  • icedtea-web-javadoc-0:1.2.3-2.el6_4
refmap via4
bid 59281
confirm
mandriva MDVSA-2013:146
misc
mlist [distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!
osvdb 92543
secunia
  • 53109
  • 53117
suse
  • SUSE-SU-2013:0851
  • SUSE-SU-2013:1174
  • openSUSE-SU-2013:0715
  • openSUSE-SU-2013:0735
  • openSUSE-SU-2013:0826
  • openSUSE-SU-2013:0893
  • openSUSE-SU-2013:0897
  • openSUSE-SU-2013:0966
ubuntu USN-1804-1
xf icedtea-cve20131940-security-bypass(83642)
Last major update 30-10-2018 - 16:27
Published 29-04-2013 - 22:55
Last modified 30-10-2018 - 16:27