CVE-2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

Published: Apr 29, 2013
Updated: Nov 9, 2025
CVE: CVE-2013-1926
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
redhat / icedtea-web	1.0.4	1.0.4.x
redhat / icedtea-web	1.0.6	1.0.6.x
redhat / icedtea-web	1.2.1	1.2.1.x
redhat / icedtea-web	1.1.4	1.1.4.x
redhat / icedtea-web	1.1.1	1.1.1.x
redhat / icedtea-web	1.1.2	1.1.2.x
redhat / icedtea-web	1.2	1.2.x
redhat / icedtea-web	-	1.2.2.x
redhat / icedtea-web	1.0.2	1.0.2.x
redhat / icedtea-web	1.3.1	1.3.1.x
redhat / icedtea-web	1.1.6	1.1.6.x
redhat / icedtea-web	1.0.3	1.0.3.x
redhat / icedtea-web	1.1.7	1.1.7.x
redhat / icedtea-web	1.3	1.3.x
redhat / icedtea-web	1.0.5	1.0.5.x
redhat / icedtea-web	1.1	1.1.x
redhat / icedtea-web	1.0.1	1.0.1.x
redhat / icedtea-web	1.1.5	1.1.5.x
redhat / icedtea-web	1.1.3	1.1.3.x
redhat / icedtea-web	1.0	1.0.x
canonical / ubuntu_linux	11.10	11.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	10.04	10.04.x
opensuse / opensuse	12.2	12.2.x

Vulnerability Database

310,379

CVE-2013-1926

Deep Security Visibility Without the Complexity