CVE-2013-1926
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.2 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
75.0%
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
Affected configurations
References
icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS
icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586
icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c
lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
osvdb.org/92543
rhn.redhat.com/errata/RHSA-2013-0753.html
secunia.com/advisories/53109
secunia.com/advisories/53117
www.mandriva.com/security/advisories?name=MDVSA-2013:146
www.securityfocus.com/bid/59281
www.ubuntu.com/usn/USN-1804-1
bugzilla.redhat.com/show_bug.cgi?id=916774
exchange.xforce.ibmcloud.com/vulnerabilities/83642
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123
Related
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.2 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
75.0%