Vulnerability Details : CVE-2013-1926
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
Products affected by CVE-2013-1926
- cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1926
- 0.46%: Probability of exploitation activity in the next 30 days
- ~75%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1926
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
References for CVE-2013-1926
- https://bugzilla.redhat.com/show_bug.cgi?id=916774
  916774 – (CVE-2013-1926) CVE-2013-1926 icedtea-web: class loader sharing for applets with same codebase paths
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
  openSUSE-SU-2013:0715-1: moderate: update for icedtea-web
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
  IcedTea-Web 1.3.2 and 1.2.3 released!
- http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
  openSUSE-SU-2013:0826-1: moderate: Package icedtea-web was updated to ve
- http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS
  release/icedtea-web-1.2: 89bbadb66b07 NEWS
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
  [security-announce] SUSE-SU-2013:0851-1: important: Security update for
- http://www.securityfocus.com/bid/59281
  IcedTea-Web CVE-2013-1926 Security Bypass Vulnerability
- http://www.ubuntu.com/usn/USN-1804-1
  USN-1804-1: IcedTea-Web vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
  openSUSE-SU-2013:0893-1: moderate: Package icedtea-web was updated to ve
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
  openSUSE-SU-2013:0966-1: moderate: Package icedtea-web was updated to ve
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
  [security-announce] SUSE-SU-2013:1174-1: important: Security update for
- http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c
  release/icedtea-web-1.3: 25dd7c7ac39c
- http://rhn.redhat.com/errata/RHSA-2013-0753.html
  RHSA-2013:0753 - Security Advisory - Red Hat Customer Portal
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:146
  mandriva.com
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
  openSUSE-SU-2013:0897-1: moderate: update for icedtea-web
- http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
  openSUSE-SU-2013:0735-1: moderate: update for icedtea-web
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123
  Support/Advisories/MGASA-2013-0123 - Mageia wiki
- http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586
  release/icedtea-web-1.2: 34b6f60ae586
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83642
  IcedTea-Web Plugin security bypass CVE-2013-1926 Vulnerability Report