FKIE_CVE-2013-1926

Vulnerability from fkie_nvd - Published: 2013-04-29 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
References
secalert@redhat.comhttp://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS
secalert@redhat.comhttp://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586
secalert@redhat.comhttp://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
secalert@redhat.comhttp://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
secalert@redhat.comhttp://osvdb.org/92543
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0753.html
secalert@redhat.comhttp://secunia.com/advisories/53109Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/53117Vendor Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:146
secalert@redhat.comhttp://www.securityfocus.com/bid/59281
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1804-1
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=916774
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/83642
secalert@redhat.comhttps://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123
af854a3a-2127-422b-91ae-364da2661108http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS
af854a3a-2127-422b-91ae-364da2661108http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586
af854a3a-2127-422b-91ae-364da2661108http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
af854a3a-2127-422b-91ae-364da2661108http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/92543
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0753.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53109Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53117Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:146
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/59281
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1804-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=916774
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/83642
af854a3a-2127-422b-91ae-364da2661108https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123
Impacted products
Vendor Product Version
redhat icedtea-web *
redhat icedtea-web 1.0
redhat icedtea-web 1.0.1
redhat icedtea-web 1.0.2
redhat icedtea-web 1.0.3
redhat icedtea-web 1.0.4
redhat icedtea-web 1.0.5
redhat icedtea-web 1.0.6
redhat icedtea-web 1.1
redhat icedtea-web 1.1.1
redhat icedtea-web 1.1.2
redhat icedtea-web 1.1.3
redhat icedtea-web 1.1.4
redhat icedtea-web 1.1.5
redhat icedtea-web 1.1.6
redhat icedtea-web 1.1.7
redhat icedtea-web 1.2
redhat icedtea-web 1.2.1
redhat icedtea-web 1.3
redhat icedtea-web 1.3.1
canonical ubuntu_linux 10.04
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
opensuse opensuse 12.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7482A659-70CA-48A9-A0B8-53C7347B149A",
              "versionEndIncluding": "1.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "941141AF-7E4A-4302-82A0-410D5694983A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B24564-AA45-4A26-BB3D-8C9B8DF8EBD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0882F9F6-0C78-472E-82B2-0DCD3909EBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD2BD3A8-D9E9-46E7-AEC9-B5511A10C472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8C118E-EF65-448B-940F-9892C59013DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "042B0E43-92C9-42F3-B6F3-7AE3F044FB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEB4704-9DA1-4034-B81C-9D1522CE776B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F3FB66-F6C8-449C-9650-B0D906E307AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD91C17-3187-4150-A77A-A012D2A74AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08431724-45B6-48A3-BEA4-94F9BC27B5EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D798F99B-D6C3-48B8-B186-C4B2B542D246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1F9B53-6560-4F57-9E16-552D0C12A4D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C5A2C3-69B0-476E-82AA-A0F86D7D01CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4615F0-3544-433D-9B2B-2FD6A2D602E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7378E908-4CE5-43F4-A027-AAF70071638E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBB2D9F-F217-43BE-8E92-22B1A2186128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5D8436-437C-4ED0-A891-F9614225E1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E71F3808-04EC-41A7-861D-3A8AB9C2AD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:icedtea-web:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "409A056E-75B5-4092-BB84-295AF2637CFE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet."
    },
    {
      "lang": "es",
      "value": "El plugin IcedTea-Web antes de v1.2.3 y v1.3.x antes v1.3.2 utiliza el mismo cargador de clases de applets con la misma ruta de c\u00f3digo base pero desde diferentes \u00e1mbitos, lo que permite a atacantes remotos obtener informaci\u00f3n sensible o posiblemente alterar otros applets a trav\u00e9s de un applet creado para este fin."
    }
  ],
  "evaluatorImpact": "Per http://www.ubuntu.com/usn/USN-1804-1/ \"A security issue affects these releases of Ubuntu and its derivatives:\r\n    Ubuntu 12.10\r\n    Ubuntu 12.04 LTS\r\n    Ubuntu 11.10\r\n    Ubuntu 10.04 LTS\"\r\n\r\nPer http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html\r\n\"Affected Products:\r\nopenSUSE 12.2\"",
  "id": "CVE-2013-1926",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-29T22:55:08.297",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/92543"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53109"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53117"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/59281"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1804-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/92543"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/59281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1804-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.