Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.1
CVE Id: CVE-2013-6493
Last Modified: 16 Mar 2014 12:42:41
Published: 03 Mar 2014 11:55:04
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2013-6493

Summary

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.

Vulnerable Systems

Application

  • Redhat Icedtea-web 1.0.1

  • Redhat Icedtea-web 1.0.2

  • Redhat Icedtea-web 1.0.3

  • Redhat Icedtea-web 1.0.4

  • Redhat Icedtea-web 1.0.5

  • Redhat Icedtea-web 1.0.6

  • Redhat Icedtea-web 1.1

  • Redhat Icedtea-web 1.1.1

  • Redhat Icedtea-web 1.1.2

  • Redhat Icedtea-web 1.1.3

  • Redhat Icedtea-web 1.1.4

  • Redhat Icedtea-web 1.1.5

  • Redhat Icedtea-web 1.1.6

  • Redhat Icedtea-web 1.1.7

  • Redhat Icedtea-web 1.2

  • Redhat Icedtea-web 1.2.1

  • Redhat Icedtea-web 1.2.2

  • Redhat Icedtea-web 1.3

  • Redhat Icedtea-web 1.3.1

  • Redhat Icedtea-web 1.3.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1010958

SECUNIA - 57036

MLIST - [oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493

MLIST - [distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!

SUSE - openSUSE-SU-2014:0310

CONFIRM - http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a

UBUNTU - USN-2131-1


Last Updated: 27 May 2016 11:04:32