CVE-2013-1926
Summary
| CVE | CVE-2013-1926 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-04-29 22:55:08 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet. |
Risk And Classification
Primary CVSS: v2.0 5.8 from [email protected]
AV:N/AC:M/Au:N/C:P/I:P/A:N
Problem Types: NVD-CWE-noinfo | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:P/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 10.04 | - | lts | All |
| Operating System | Canonical | Ubuntu Linux | 11.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | - | lts | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.2 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.1 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.2 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.3 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.4 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.5 | All | All | All |
| Application | Redhat | Icedtea-web | 1.0.6 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1.1 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1.2 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1.3 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1.4 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1.5 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1.6 | All | All | All |
| Application | Redhat | Icedtea-web | 1.1.7 | All | All | All |
| Application | Redhat | Icedtea-web | 1.2 | All | All | All |
| Application | Redhat | Icedtea-web | 1.2.1 | All | All | All |
| Application | Redhat | Icedtea-web | 1.3 | All | All | All |
| Application | Redhat | Icedtea-web | 1.3.1 | All | All | All |
| Application | Redhat | Icedtea-web | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IcedTea-Web CVE-2013-1926 Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| [security-announce] SUSE-SU-2013:1174-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| osvdb.org/92543 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| openSUSE-SU-2013:0715-1: moderate: update for icedtea-web | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| openSUSE-SU-2013:0966-1: moderate: Package icedtea-web was updated to ve | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Support / Security / Advisories / / MDVSA-2013:146 | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| openSUSE-SU-2013:0735-1: moderate: update for icedtea-web | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| 916774 – (CVE-2013-1926) CVE-2013-1926 icedtea-web: class loader sharing for applets with same codebase paths | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| IcedTea-Web 1.3.2 and 1.2.3 released! | af854a3a-2127-422b-91ae-364da2661108 | mail.openjdk.java.net | |
| Security Advisory SA53117 - Ubuntu update for icedtea-web - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| release/icedtea-web-1.2: 34b6f60ae586 | af854a3a-2127-422b-91ae-364da2661108 | icedtea.classpath.org | |
| release/icedtea-web-1.2: 89bbadb66b07 NEWS | af854a3a-2127-422b-91ae-364da2661108 | icedtea.classpath.org | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| USN-1804-1: IcedTea-Web vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| openSUSE-SU-2013:0826-1: moderate: Package icedtea-web was updated to ve | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| [security-announce] SUSE-SU-2013:0851-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Support/Advisories/MGASA-2013-0123 - Mageia wiki | af854a3a-2127-422b-91ae-364da2661108 | wiki.mageia.org | |
| openSUSE-SU-2013:0897-1: moderate: update for icedtea-web | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Security Advisory SA53109 - Red Hat update for icedtea-web - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| openSUSE-SU-2013:0893-1: moderate: Package icedtea-web was updated to ve | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| release/icedtea-web-1.3: 25dd7c7ac39c | af854a3a-2127-422b-91ae-364da2661108 | icedtea.classpath.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.