CVE-2013-1926
6.1 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.004 Low
EPSS
Percentile
74.8%
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
References
icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS
icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586
icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c
lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
osvdb.org/92543
rhn.redhat.com/errata/RHSA-2013-0753.html
secunia.com/advisories/53109
secunia.com/advisories/53117
www.mandriva.com/security/advisories?name=MDVSA-2013:146
www.securityfocus.com/bid/59281
www.ubuntu.com/usn/USN-1804-1
bugzilla.redhat.com/show_bug.cgi?id=916774
exchange.xforce.ibmcloud.com/vulnerabilities/83642
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123
Related
6.1 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.004 Low
EPSS
Percentile
74.8%