5.8

CVE-2013-1926

EPSS 0.7%
Published 29.04.2013 22:55:08
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

Affected products Warnungen 0 Metrics 2 CWE 0 References 25

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Icedtea-web Version <= 1.2.2

Redhat ≫ Icedtea-web Version1.0

Redhat ≫ Icedtea-web Version1.0.1

Redhat ≫ Icedtea-web Version1.0.2

Redhat ≫ Icedtea-web Version1.0.3

Redhat ≫ Icedtea-web Version1.0.4

Redhat ≫ Icedtea-web Version1.0.5

Redhat ≫ Icedtea-web Version1.0.6

Redhat ≫ Icedtea-web Version1.1

Redhat ≫ Icedtea-web Version1.1.1

Redhat ≫ Icedtea-web Version1.1.2

Redhat ≫ Icedtea-web Version1.1.3

Redhat ≫ Icedtea-web Version1.1.4

Redhat ≫ Icedtea-web Version1.1.5

Redhat ≫ Icedtea-web Version1.1.6

Redhat ≫ Icedtea-web Version1.1.7

Redhat ≫ Icedtea-web Version1.2

Redhat ≫ Icedtea-web Version1.2.1

Redhat ≫ Icedtea-web Version1.3

Redhat ≫ Icedtea-web Version1.3.1

Canonical ≫ Ubuntu Linux Version10.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version11.10

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version12.10

Opensuse ≫ Opensuse Version12.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.7%	0.697

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html

http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586

http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c

http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html

http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html

http://osvdb.org/92543

http://rhn.redhat.com/errata/RHSA-2013-0753.html

http://secunia.com/advisories/53109

Vendor Advisory

http://secunia.com/advisories/53117

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2013:146

http://www.securityfocus.com/bid/59281

http://www.ubuntu.com/usn/USN-1804-1

https://bugzilla.redhat.com/show_bug.cgi?id=916774

https://exchange.xforce.ibmcloud.com/vulnerabilities/83642

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123

https://nvd.nist.gov/vuln/detail/CVE-2013-1926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1926

EUVD