CVE Vulnerabilities

CVE-2013-1926

Published: Apr 29, 2013 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
5.8 MODERATE
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

Affected Software

Name Vendor Start Version End Version
Icedtea-web Redhat * 1.2.2 (including)
Icedtea-web Redhat 1.0 (including) 1.0 (including)
Icedtea-web Redhat 1.0.1 (including) 1.0.1 (including)
Icedtea-web Redhat 1.0.2 (including) 1.0.2 (including)
Icedtea-web Redhat 1.0.3 (including) 1.0.3 (including)
Icedtea-web Redhat 1.0.4 (including) 1.0.4 (including)
Icedtea-web Redhat 1.0.5 (including) 1.0.5 (including)
Icedtea-web Redhat 1.0.6 (including) 1.0.6 (including)
Icedtea-web Redhat 1.1 (including) 1.1 (including)
Icedtea-web Redhat 1.1.1 (including) 1.1.1 (including)
Icedtea-web Redhat 1.1.2 (including) 1.1.2 (including)
Icedtea-web Redhat 1.1.3 (including) 1.1.3 (including)
Icedtea-web Redhat 1.1.4 (including) 1.1.4 (including)
Icedtea-web Redhat 1.1.5 (including) 1.1.5 (including)
Icedtea-web Redhat 1.1.6 (including) 1.1.6 (including)
Icedtea-web Redhat 1.1.7 (including) 1.1.7 (including)
Icedtea-web Redhat 1.2 (including) 1.2 (including)
Icedtea-web Redhat 1.2.1 (including) 1.2.1 (including)
Icedtea-web Redhat 1.3 (including) 1.3 (including)
Icedtea-web Redhat 1.3.1 (including) 1.3.1 (including)
Icedtea-web Ubuntu devel *
Icedtea-web Ubuntu lucid *
Icedtea-web Ubuntu oneiric *
Icedtea-web Ubuntu precise *
Icedtea-web Ubuntu quantal *
Icedtea-web Ubuntu upstream *
Red Hat Enterprise Linux 6 RedHat icedtea-web-0:1.2.3-2.el6_4 *

References