CVE - CVE-2013-1926

CVE-ID
CVE-2013-1926	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:59281 URL:http://www.securityfocus.com/bid/59281 CONFIRM:http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS CONFIRM:http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586 CONFIRM:http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c MANDRIVA:MDVSA-2013:146 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2013:146~~ (Obsolete source) MISC:https://bugzilla.redhat.com/show_bug.cgi?id=916774 MISC:https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123 MLIST:[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released! URL:http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html OSVDB:92543 URL:~~http://osvdb.org/92543~~ (Obsolete source) REDHAT:RHSA-2013:0753 URL:http://rhn.redhat.com/errata/RHSA-2013-0753.html SECUNIA:53109 URL:http://secunia.com/advisories/53109 SECUNIA:53117 URL:http://secunia.com/advisories/53117 SUSE:SUSE-SU-2013:0851 URL:http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html SUSE:SUSE-SU-2013:1174 URL:http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html SUSE:openSUSE-SU-2013:0715 URL:http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html SUSE:openSUSE-SU-2013:0735 URL:http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html SUSE:openSUSE-SU-2013:0826 URL:http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html SUSE:openSUSE-SU-2013:0893 URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html SUSE:openSUSE-SU-2013:0897 URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html SUSE:openSUSE-SU-2013:0966 URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html UBUNTU:USN-1804-1 URL:http://www.ubuntu.com/usn/USN-1804-1 XF:icedtea-cve20131940-security-bypass(83642) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/83642
Assigning CNA
Red Hat, Inc.
Date Record Created
20130219	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)