CVE Vulnerabilities

CVE-2013-1926

Published: Apr 29, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
5.8 MODERATE
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

Affected Software

Name Vendor Start Version End Version
Icedtea-web Redhat * 1.2.2 (including)
Icedtea-web Redhat 1.0 (including) 1.0 (including)
Icedtea-web Redhat 1.0.1 (including) 1.0.1 (including)
Icedtea-web Redhat 1.0.2 (including) 1.0.2 (including)
Icedtea-web Redhat 1.0.3 (including) 1.0.3 (including)
Icedtea-web Redhat 1.0.4 (including) 1.0.4 (including)
Icedtea-web Redhat 1.0.5 (including) 1.0.5 (including)
Icedtea-web Redhat 1.0.6 (including) 1.0.6 (including)
Icedtea-web Redhat 1.1 (including) 1.1 (including)
Icedtea-web Redhat 1.1.1 (including) 1.1.1 (including)
Icedtea-web Redhat 1.1.2 (including) 1.1.2 (including)
Icedtea-web Redhat 1.1.3 (including) 1.1.3 (including)
Icedtea-web Redhat 1.1.4 (including) 1.1.4 (including)
Icedtea-web Redhat 1.1.5 (including) 1.1.5 (including)
Icedtea-web Redhat 1.1.6 (including) 1.1.6 (including)
Icedtea-web Redhat 1.1.7 (including) 1.1.7 (including)
Icedtea-web Redhat 1.2 (including) 1.2 (including)
Icedtea-web Redhat 1.2.1 (including) 1.2.1 (including)
Icedtea-web Redhat 1.3 (including) 1.3 (including)
Icedtea-web Redhat 1.3.1 (including) 1.3.1 (including)
Red Hat Enterprise Linux 6 RedHat icedtea-web-0:1.2.3-2.el6_4 *
Icedtea-web Ubuntu devel *
Icedtea-web Ubuntu lucid *
Icedtea-web Ubuntu oneiric *
Icedtea-web Ubuntu precise *
Icedtea-web Ubuntu quantal *
Icedtea-web Ubuntu upstream *

References