Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1804-2
HistoryApr 23, 2013 - 12:00 a.m.

IcedTea-Web regression

2013-04-2300:00:00
ubuntu.com
33

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

Releases

  • Ubuntu 12.04
  • Ubuntu 11.10

Packages

  • icedtea-web - A web browser plugin to execute Java applets

Details

USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced
a regression with the Java Network Launching Protocol (JNLP) when fetching
content over SSL under certain configurations, such as when using the
community-supported IcedTead 7 browser plugin. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

Jiri Vanek discovered that IcedTea-Web would use the same classloader for
applets from different domains. A remote attacker could exploit this to
expose sensitive information or potentially manipulate applets from other
domains. (CVE-2013-1926)

It was discovered that IcedTea-Web did not properly verify JAR files and
was susceptible to the GIFAR attack. If a user were tricked into opening a
malicious website, a remote attacker could potentially exploit this to
execute code under certain circumstances. (CVE-2013-1927)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.04noarchicedtea-7-plugin< 1.2.3-0ubuntu0.12.04.2UNKNOWN
Ubuntu12.04noarchicedtea-6-plugin< 1.2.3-0ubuntu0.12.04.2UNKNOWN
Ubuntu12.04noarchicedtea-netx< 1.2.3-0ubuntu0.12.04.2UNKNOWN
Ubuntu11.10noarchicedtea-netx< 1.2.3-0ubuntu0.11.10.2UNKNOWN
Ubuntu11.10noarchicedtea-6-plugin< 1.2.3-0ubuntu0.11.10.2UNKNOWN

Related

nessus 16
openvas 15
ubuntu 1
veracode 2
oraclelinux 1
redhat 1
centos 1
securityvulns 2
fedora 4
suse 2
prion 2
cvelist 2
nvd 2
debiancve 2
cve 2
ubuntucve 2
nessus
nessus
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : icedtea-web vulnerabilities (USN-1804-1)
2013-04-19 00:00:00
Fedora 17 : icedtea-web-1.3.2-0.fc17 (2013-5925)
2013-04-20 00:00:00
openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0897-1)
2014-06-13 00:00:00
openvas
openvas
Fedora Update for icedtea-web FEDORA-2013-5962
2013-04-19 00:00:00
Ubuntu: Security Advisory (USN-1804-1)
2013-04-19 00:00:00
Ubuntu: Security Advisory (USN-1804-2)
2013-04-25 00:00:00
ubuntu
ubuntu
IcedTea-Web vulnerabilities
2013-04-18 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:44:40
Information Disclosure
2019-01-15 08:52:10
oraclelinux
oraclelinux
icedtea-web security update
2013-04-17 00:00:00
redhat
redhat
(RHSA-2013:0753) Moderate: icedtea-web security update
2013-04-17 00:00:00
centos
centos
icedtea security update
2013-04-17 22:33:18
securityvulns
securityvulns
[USN-1804-1] IcedTea-Web vulnerabilities
2013-04-22 00:00:00
IcedTea-Web security vulnerabilities
2013-04-22 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: icedtea-web-1.3.2-0.fc18
2013-04-18 02:48:19
[SECURITY] Fedora 19 Update: icedtea-web-1.3.2-0.fc19
2013-04-25 14:16:11
[SECURITY] Fedora 18 Update: icedtea-web-1.4.1-0.fc18
2013-10-04 01:58:51
suse
suse
Security update for icedtea-web (important)
2013-07-10 19:04:21
Security update for icedtea-web (important)
2013-05-31 19:04:15
prion
prion
Design/Logic Flaw
2013-04-29 22:55:00
Code injection
2013-04-29 22:55:00
cvelist
cvelist
CVE-2013-1926
2013-04-29 22:00:00
CVE-2013-1927
2013-04-29 22:00:00
nvd
nvd
CVE-2013-1926
2013-04-29 22:55:08
CVE-2013-1927
2013-04-29 22:55:08
debiancve
debiancve
CVE-2013-1926
2013-04-29 22:55:08
CVE-2013-1927
2013-04-29 22:55:08
cve
cve
CVE-2013-1926
2013-04-29 22:55:08
CVE-2013-1927
2013-04-29 22:55:08
ubuntucve
ubuntucve
CVE-2013-1926
2013-04-17 00:00:00
CVE-2013-1927
2013-04-17 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON
Related for USN-1804-2
nessus16openvas15ubuntu1veracode2oraclelinux1redhat1centos1securityvulns2fedora4suse2prion2cvelist2nvd2debiancve2cve2ubuntucve2