CVE-2013-1926

high

Description

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

References

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123

https://exchange.xforce.ibmcloud.com/vulnerabilities/83642

https://bugzilla.redhat.com/show_bug.cgi?id=916774

http://www.ubuntu.com/usn/USN-1804-1

http://www.securityfocus.com/bid/59281

http://www.mandriva.com/security/advisories?name=MDVSA-2013:146

http://secunia.com/advisories/53117

http://secunia.com/advisories/53109

http://rhn.redhat.com/errata/RHSA-2013-0753.html

http://osvdb.org/92543

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html

http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html

http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html

http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS

Details

Source: MITRE, NVD

Published: 2013-04-29

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High