Information Disclosure

2019-01-1508:54:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

icedtea-web is vulnerable to information disclosure attacks. The vulnerability exists as the LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.

CPENameOperatorVersion
icedtea-webeq1.0.2__3.el6
icedtea-webeq1.4.1__0.el6
icedtea-webeq1.0.6__1.el6_1
icedtea-webeq1.1.4__1.el6
icedtea-webeq1.2.2__3.el6
icedtea-webeq1.2.3__4.el6_4
icedtea-webeq1.2.2__1.el6_3
icedtea-webeq1.2.3__2.el6_4
icedtea-webeq1.0.4__2.el6_1
icedtea-webeq1.2__1.el6

Name	Operator	Version
icedtea-web	eq	1.0.2__3.el6
icedtea-web	eq	1.4.1__0.el6
icedtea-web	eq	1.0.6__1.el6_1
icedtea-web	eq	1.1.4__1.el6
icedtea-web	eq	1.2.2__3.el6
icedtea-web	eq	1.2.3__4.el6_4
icedtea-web	eq	1.2.2__1.el6_3
icedtea-web	eq	1.2.3__2.el6_4
icedtea-web	eq	1.0.4__2.el6_1
icedtea-web	eq	1.2__1.el6