CVE-2013-1926

MEDIUM

Description

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

References

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586

http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html

http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html

http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html

http://osvdb.org/92543

http://rhn.redhat.com/errata/RHSA-2013-0753.html

http://secunia.com/advisories/53109

http://secunia.com/advisories/53117

http://www.mandriva.com/security/advisories?name=MDVSA-2013:146

http://www.securityfocus.com/bid/59281

http://www.ubuntu.com/usn/USN-1804-1

https://bugzilla.redhat.com/show_bug.cgi?id=916774

https://exchange.xforce.ibmcloud.com/vulnerabilities/83642

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123

Details

Source: MITRE

Published: 2013-04-29

Updated: 2018-10-30

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM