CVE-2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

Published: Apr 30, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1926
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
redhat / icedtea-web	1.0.4	1.0.4.x
redhat / icedtea-web	1.0.6	1.0.6.x
redhat / icedtea-web	1.2.1	1.2.1.x
redhat / icedtea-web	1.1.4	1.1.4.x
redhat / icedtea-web	1.1.1	1.1.1.x
redhat / icedtea-web	1.1.2	1.1.2.x
redhat / icedtea-web	1.2	1.2.x
redhat / icedtea-web	-	1.2.2.x
redhat / icedtea-web	1.0.2	1.0.2.x
redhat / icedtea-web	1.3.1	1.3.1.x
redhat / icedtea-web	1.1.6	1.1.6.x
redhat / icedtea-web	1.0.3	1.0.3.x
redhat / icedtea-web	1.1.7	1.1.7.x
redhat / icedtea-web	1.3	1.3.x
redhat / icedtea-web	1.0.5	1.0.5.x
redhat / icedtea-web	1.1	1.1.x
redhat / icedtea-web	1.0.1	1.0.1.x
redhat / icedtea-web	1.1.5	1.1.5.x
redhat / icedtea-web	1.1.3	1.1.3.x
redhat / icedtea-web	1.0	1.0.x
canonical / ubuntu_linux	11.10	11.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	10.04	10.04.x
opensuse / opensuse	12.2	12.2.x

Vulnerability Database

289,784

CVE-2013-1926