CVE-2013-6493

CWE-200Information ExposureCWE-3778 documents8 sources
Severity
2.1LOW
EPSS
0.1%
top 81.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Icedtea-web
Timeline
PublishedMar 3
Latest updateMay 17

Description

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

Debianicedtea-web< 1.4.2-1+3
NVDredhat/icedtea-web1.3.2+19

Patches

Patch: icedtea.classpath.orgPatch: icedtea.classpath.org

🔴Vulnerability Details

3
GHSA
GHSA-5rjx-hhcc-fqph: The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin2022-05-17
CVEList
CVE-2013-6493: The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin2014-03-03
OSV
CVE-2013-6493: The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin2014-03-03

📋Vendor Advisories

3
Ubuntu
IcedTea Web vulnerability2014-03-06
Red Hat
icedtea-web: insecure temporary file use flaw in LiveConnect implementation2014-02-05
Debian
CVE-2013-6493: icedtea-web - The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea...2013

💬Community

1
Bugzilla
CVE-2013-6493 icedtea-web: insecure temporary file use flaw in LiveConnect implementation2013-09-23
CVE-2013-6493 (LOW CVSS 2.1) | The LiveConnect implementation in p | cvebase.io