CVE-2013-1926

8 documents8 sources

Severity

5.8MEDIUM

EPSS

0.9%

top 24.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Icedtea-web Canonical Ubuntu Linux Opensuse Opensuse

Timeline

PublishedApr 29

Latest updateMay 14

Description

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶Debianicedtea-web< 1.3.2-1+3

▶NVDredhat/icedtea-web1.2.2+19

▶NVDopensuse/opensuse12.2

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10

🔴Vulnerability Details

GHSA

GHSA-vwgw-5wg9-mw8j: The IcedTea-Web plugin before 1↗2022-05-14

▶

OSV

CVE-2013-1926: The IcedTea-Web plugin before 1↗2013-04-29

▶

CVEList

CVE-2013-1926: The IcedTea-Web plugin before 1↗2013-04-29

▶

📋Vendor Advisories

Ubuntu

IcedTea-Web vulnerabilities↗2013-04-18

▶

Red Hat

icedtea-web: class loader sharing for applets with same codebase paths↗2013-04-17

▶

Debian

CVE-2013-1926: icedtea-web - The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class l...↗2013

▶

💬Community

Bugzilla

CVE-2013-1926 icedtea-web: class loader sharing for applets with same codebase paths↗2013-02-28

▶