Search criteria

20 vulnerabilities found for icedtea-web by redhat

CVE-2011-2514 (GCVE-0-2011-2514)

Vulnerability from nvd – Published: 2014-05-14 00:00 – Updated: 2024-08-06 23:00
VLAI?
Summary
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:00:34.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
          },
          {
            "name": "USN-1178-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1178-1"
          },
          {
            "name": "RHSA-2011:1100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
          },
          {
            "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
          },
          {
            "name": "1025854",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025854"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-13T23:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
        },
        {
          "name": "USN-1178-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1178-1"
        },
        {
          "name": "RHSA-2011:1100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
        },
        {
          "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
        },
        {
          "name": "1025854",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025854"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2514",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
            },
            {
              "name": "USN-1178-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-1178-1"
            },
            {
              "name": "RHSA-2011:1100",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
            },
            {
              "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0",
              "refsource": "MISC",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388",
              "refsource": "MISC",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=718170",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
            },
            {
              "name": "1025854",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025854"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2514",
    "datePublished": "2014-05-14T00:00:00",
    "dateReserved": "2011-06-15T00:00:00",
    "dateUpdated": "2024-08-06T23:00:34.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2513 (GCVE-0-2011-2513)

Vulnerability from nvd – Published: 2014-05-14 00:00 – Updated: 2024-08-06 23:00
VLAI?
Summary
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:00:34.177Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
          },
          {
            "name": "USN-1178-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1178-1"
          },
          {
            "name": "RHSA-2011:1100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
          },
          {
            "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
          },
          {
            "name": "1025854",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025854"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-13T23:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
        },
        {
          "name": "USN-1178-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1178-1"
        },
        {
          "name": "RHSA-2011:1100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
        },
        {
          "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
        },
        {
          "name": "1025854",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025854"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2513",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04",
              "refsource": "MISC",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
            },
            {
              "name": "USN-1178-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-1178-1"
            },
            {
              "name": "RHSA-2011:1100",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
            },
            {
              "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227",
              "refsource": "MISC",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
            },
            {
              "name": "1025854",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025854"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=718164",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2513",
    "datePublished": "2014-05-14T00:00:00",
    "dateReserved": "2011-06-15T00:00:00",
    "dateUpdated": "2024-08-06T23:00:34.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6493 (GCVE-0-2013-6493)

Vulnerability from nvd – Published: 2014-03-03 16:00 – Updated: 2024-08-06 17:46
VLAI?
Summary
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://mail.openjdk.java.net/pipermail/distro-pkg… mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1010958 x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2131-1 vendor-advisoryx_refsource_UBUNTU
http://seclists.org/oss-sec/2014/q1/282 mailing-listx_refsource_MLIST
http://secunia.com/advisories/57036 third-party-advisoryx_refsource_SECUNIA
http://icedtea.classpath.org/hg/icedtea-web/rev/2… x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:46:22.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
          },
          {
            "name": "USN-2131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2131-1"
          },
          {
            "name": "[oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q1/282"
          },
          {
            "name": "57036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57036"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
          },
          {
            "name": "openSUSE-SU-2014:0310",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-07T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
        },
        {
          "name": "USN-2131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2131-1"
        },
        {
          "name": "[oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q1/282"
        },
        {
          "name": "57036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57036"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
        },
        {
          "name": "openSUSE-SU-2014:0310",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6493",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
            },
            {
              "name": "USN-2131-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2131-1"
            },
            {
              "name": "[oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q1/282"
            },
            {
              "name": "57036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57036"
            },
            {
              "name": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
            },
            {
              "name": "openSUSE-SU-2014:0310",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6493",
    "datePublished": "2014-03-03T16:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:46:22.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3377 (GCVE-0-2011-3377)

Vulnerability from nvd – Published: 2014-02-05 19:00 – Updated: 2024-08-06 23:29
VLAI?
Summary
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://bugzilla.redhat.com/show_bug.cgi?id=742515 x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2011-1441.html vendor-advisoryx_refsource_REDHAT
http://dbhole.wordpress.com/2011/11/08/icedtea-we… x_refsource_CONFIRM
http://www.osvdb.org/76940 vdb-entryx_refsource_OSVDB
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisoryx_refsource_SUSE
http://www.debian.org/security/2012/dsa-2420 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/50610 vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-1263-1 vendor-advisoryx_refsource_UBUNTU
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
          },
          {
            "name": "RHSA-2011:1441",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
          },
          {
            "name": "76940",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/76940"
          },
          {
            "name": "openSUSE-SU-2012:0371",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
          },
          {
            "name": "DSA-2420",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2420"
          },
          {
            "name": "50610",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50610"
          },
          {
            "name": "USN-1263-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1263-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-05T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
        },
        {
          "name": "RHSA-2011:1441",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
        },
        {
          "name": "76940",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/76940"
        },
        {
          "name": "openSUSE-SU-2012:0371",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
        },
        {
          "name": "DSA-2420",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2420"
        },
        {
          "name": "50610",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50610"
        },
        {
          "name": "USN-1263-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1263-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-3377",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=742515",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
            },
            {
              "name": "RHSA-2011:1441",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
            },
            {
              "name": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/",
              "refsource": "CONFIRM",
              "url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
            },
            {
              "name": "76940",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/76940"
            },
            {
              "name": "openSUSE-SU-2012:0371",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
            },
            {
              "name": "DSA-2420",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2420"
            },
            {
              "name": "50610",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50610"
            },
            {
              "name": "USN-1263-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1263-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3377",
    "datePublished": "2014-02-05T19:00:00",
    "dateReserved": "2011-08-30T00:00:00",
    "dateUpdated": "2024-08-06T23:29:56.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1927 (GCVE-0-2013-1927)

Vulnerability from nvd – Published: 2013-04-29 22:00 – Updated: 2024-08-06 15:20
VLAI?
Summary
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/92544 vdb-entryx_refsource_OSVDB
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/53109 third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/59286 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/53117 third-party-advisoryx_refsource_SECUNIA
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0753.html vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-1804-1 vendor-advisoryx_refsource_UBUNTU
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
https://wiki.mageia.org/en/Support/Advisories/MGA… x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=884705 x_refsource_MISC
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://mail.openjdk.java.net/pipermail/distro-pkg… mailing-listx_refsource_MLIST
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92544",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/92544"
          },
          {
            "name": "SUSE-SU-2013:0851",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
          },
          {
            "name": "openSUSE-SU-2013:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
          },
          {
            "name": "MDVSA-2013:146",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
          },
          {
            "name": "SUSE-SU-2013:1174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
          },
          {
            "name": "53109",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53109"
          },
          {
            "name": "openSUSE-SU-2013:0826",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
          },
          {
            "name": "59286",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/59286"
          },
          {
            "name": "icedtea-cve20131927-sec-bypass(83640)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
          },
          {
            "name": "openSUSE-SU-2013:0735",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
          },
          {
            "name": "53117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53117"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
          },
          {
            "name": "RHSA-2013:0753",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
          },
          {
            "name": "openSUSE-SU-2013:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
          },
          {
            "name": "openSUSE-SU-2013:0893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
          },
          {
            "name": "USN-1804-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1804-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
          },
          {
            "name": "openSUSE-SU-2013:0715",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
          },
          {
            "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "92544",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/92544"
        },
        {
          "name": "SUSE-SU-2013:0851",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
        },
        {
          "name": "openSUSE-SU-2013:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
        },
        {
          "name": "MDVSA-2013:146",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
        },
        {
          "name": "SUSE-SU-2013:1174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
        },
        {
          "name": "53109",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53109"
        },
        {
          "name": "openSUSE-SU-2013:0826",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
        },
        {
          "name": "59286",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/59286"
        },
        {
          "name": "icedtea-cve20131927-sec-bypass(83640)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
        },
        {
          "name": "openSUSE-SU-2013:0735",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
        },
        {
          "name": "53117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53117"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
        },
        {
          "name": "RHSA-2013:0753",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
        },
        {
          "name": "openSUSE-SU-2013:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
        },
        {
          "name": "openSUSE-SU-2013:0893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
        },
        {
          "name": "USN-1804-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1804-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
        },
        {
          "name": "openSUSE-SU-2013:0715",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
        },
        {
          "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1927",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92544",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/92544"
            },
            {
              "name": "SUSE-SU-2013:0851",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
            },
            {
              "name": "openSUSE-SU-2013:0897",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
            },
            {
              "name": "MDVSA-2013:146",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
            },
            {
              "name": "SUSE-SU-2013:1174",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
            },
            {
              "name": "53109",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53109"
            },
            {
              "name": "openSUSE-SU-2013:0826",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
            },
            {
              "name": "59286",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/59286"
            },
            {
              "name": "icedtea-cve20131927-sec-bypass(83640)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
            },
            {
              "name": "openSUSE-SU-2013:0735",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
            },
            {
              "name": "53117",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53117"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
            },
            {
              "name": "RHSA-2013:0753",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
            },
            {
              "name": "openSUSE-SU-2013:0966",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
            },
            {
              "name": "openSUSE-SU-2013:0893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
            },
            {
              "name": "USN-1804-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1804-1"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
            },
            {
              "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123",
              "refsource": "MISC",
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
            },
            {
              "name": "openSUSE-SU-2013:0715",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=884705",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
            },
            {
              "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1927",
    "datePublished": "2013-04-29T22:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1926 (GCVE-0-2013-1926)

Vulnerability from nvd – Published: 2013-04-29 22:00 – Updated: 2024-08-06 15:20
VLAI?
Summary
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/92543 vdb-entryx_refsource_OSVDB
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/53109 third-party-advisoryx_refsource_SECUNIA
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/53117 third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0753.html vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1804-1 vendor-advisoryx_refsource_UBUNTU
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://www.securityfocus.com/bid/59281 vdb-entryx_refsource_BID
https://wiki.mageia.org/en/Support/Advisories/MGA… x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=916774 x_refsource_MISC
http://mail.openjdk.java.net/pipermail/distro-pkg… mailing-listx_refsource_MLIST
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92543",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/92543"
          },
          {
            "name": "SUSE-SU-2013:0851",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
          },
          {
            "name": "openSUSE-SU-2013:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
          },
          {
            "name": "icedtea-cve20131940-security-bypass(83642)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
          },
          {
            "name": "MDVSA-2013:146",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
          },
          {
            "name": "SUSE-SU-2013:1174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
          },
          {
            "name": "53109",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53109"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
          },
          {
            "name": "openSUSE-SU-2013:0826",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
          },
          {
            "name": "openSUSE-SU-2013:0735",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
          },
          {
            "name": "53117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53117"
          },
          {
            "name": "RHSA-2013:0753",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
          },
          {
            "name": "openSUSE-SU-2013:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
          },
          {
            "name": "openSUSE-SU-2013:0893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
          },
          {
            "name": "USN-1804-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1804-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
          },
          {
            "name": "59281",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/59281"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
          },
          {
            "name": "openSUSE-SU-2013:0715",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
          },
          {
            "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "92543",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/92543"
        },
        {
          "name": "SUSE-SU-2013:0851",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
        },
        {
          "name": "openSUSE-SU-2013:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
        },
        {
          "name": "icedtea-cve20131940-security-bypass(83642)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
        },
        {
          "name": "MDVSA-2013:146",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
        },
        {
          "name": "SUSE-SU-2013:1174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
        },
        {
          "name": "53109",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53109"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
        },
        {
          "name": "openSUSE-SU-2013:0826",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
        },
        {
          "name": "openSUSE-SU-2013:0735",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
        },
        {
          "name": "53117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53117"
        },
        {
          "name": "RHSA-2013:0753",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
        },
        {
          "name": "openSUSE-SU-2013:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
        },
        {
          "name": "openSUSE-SU-2013:0893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
        },
        {
          "name": "USN-1804-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1804-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
        },
        {
          "name": "59281",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/59281"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
        },
        {
          "name": "openSUSE-SU-2013:0715",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
        },
        {
          "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1926",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92543",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/92543"
            },
            {
              "name": "SUSE-SU-2013:0851",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
            },
            {
              "name": "openSUSE-SU-2013:0897",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
            },
            {
              "name": "icedtea-cve20131940-security-bypass(83642)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
            },
            {
              "name": "MDVSA-2013:146",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
            },
            {
              "name": "SUSE-SU-2013:1174",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
            },
            {
              "name": "53109",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53109"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
            },
            {
              "name": "openSUSE-SU-2013:0826",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
            },
            {
              "name": "openSUSE-SU-2013:0735",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
            },
            {
              "name": "53117",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53117"
            },
            {
              "name": "RHSA-2013:0753",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
            },
            {
              "name": "openSUSE-SU-2013:0966",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
            },
            {
              "name": "openSUSE-SU-2013:0893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
            },
            {
              "name": "USN-1804-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1804-1"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
            },
            {
              "name": "59281",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/59281"
            },
            {
              "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123",
              "refsource": "MISC",
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
            },
            {
              "name": "openSUSE-SU-2013:0715",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=916774",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
            },
            {
              "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1926",
    "datePublished": "2013-04-29T22:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4540 (GCVE-0-2012-4540)

Vulnerability from nvd – Published: 2012-11-11 11:00 – Updated: 2024-08-06 20:42
VLAI?
Summary
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisoryx_refsource_GENTOO
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://www.debian.org/security/2013/dsa-2768 vendor-advisoryx_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://www.securityfocus.com/bid/56434 vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2012-1434.html vendor-advisoryx_refsource_REDHAT
http://mail.openjdk.java.net/pipermail/distro-pkg… mailing-listx_refsource_MLIST
http://secunia.com/advisories/51220 third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/51374 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1027738 vdb-entryx_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1625-1 vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=869040 x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://mail.openjdk.java.net/pipermail/distro-pkg… mailing-listx_refsource_MLIST
http://secunia.com/advisories/51206 third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2012-1… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/62426 vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2012/11/07/5 mailing-listx_refsource_MLIST
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
https://bugzilla.redhat.com/show_bug.cgi?id=1007960 x_refsource_CONFIRM
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:42:53.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
          },
          {
            "name": "DSA-2768",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2768"
          },
          {
            "name": "openSUSE-SU-2015:1595",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
          },
          {
            "name": "56434",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56434"
          },
          {
            "name": "RHSA-2012:1434",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
          },
          {
            "name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
          },
          {
            "name": "51220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51220"
          },
          {
            "name": "openSUSE-SU-2013:1511",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
          },
          {
            "name": "icedtea-applet-bo(79894)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
          },
          {
            "name": "51374",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51374"
          },
          {
            "name": "1027738",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027738"
          },
          {
            "name": "USN-1625-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1625-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
          },
          {
            "name": "openSUSE-SU-2013:1509",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
          },
          {
            "name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
          },
          {
            "name": "51206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51206"
          },
          {
            "name": "openSUSE-SU-2012:1524",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
          },
          {
            "name": "62426",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62426"
          },
          {
            "name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
          },
          {
            "name": "MDVSA-2012:171",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
          },
          {
            "name": "openSUSE-SU-2013:0174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
        },
        {
          "name": "DSA-2768",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2768"
        },
        {
          "name": "openSUSE-SU-2015:1595",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
        },
        {
          "name": "56434",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56434"
        },
        {
          "name": "RHSA-2012:1434",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
        },
        {
          "name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
        },
        {
          "name": "51220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51220"
        },
        {
          "name": "openSUSE-SU-2013:1511",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
        },
        {
          "name": "icedtea-applet-bo(79894)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
        },
        {
          "name": "51374",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51374"
        },
        {
          "name": "1027738",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027738"
        },
        {
          "name": "USN-1625-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1625-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
        },
        {
          "name": "openSUSE-SU-2013:1509",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
        },
        {
          "name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
        },
        {
          "name": "51206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51206"
        },
        {
          "name": "openSUSE-SU-2012:1524",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
        },
        {
          "name": "62426",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62426"
        },
        {
          "name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
        },
        {
          "name": "MDVSA-2012:171",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
        },
        {
          "name": "openSUSE-SU-2013:0174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-4540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
            },
            {
              "name": "DSA-2768",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2768"
            },
            {
              "name": "openSUSE-SU-2015:1595",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
            },
            {
              "name": "56434",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56434"
            },
            {
              "name": "RHSA-2012:1434",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
            },
            {
              "name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
            },
            {
              "name": "51220",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51220"
            },
            {
              "name": "openSUSE-SU-2013:1511",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
            },
            {
              "name": "icedtea-applet-bo(79894)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
            },
            {
              "name": "51374",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51374"
            },
            {
              "name": "1027738",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027738"
            },
            {
              "name": "USN-1625-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1625-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=869040",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
            },
            {
              "name": "openSUSE-SU-2013:1509",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
            },
            {
              "name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
            },
            {
              "name": "51206",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51206"
            },
            {
              "name": "openSUSE-SU-2012:1524",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
            },
            {
              "name": "62426",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62426"
            },
            {
              "name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
            },
            {
              "name": "MDVSA-2012:171",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
            },
            {
              "name": "openSUSE-SU-2013:0174",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4540",
    "datePublished": "2012-11-11T11:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:42:53.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3423 (GCVE-0-2012-3423)

Vulnerability from nvd – Published: 2012-08-07 21:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:12.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
          },
          {
            "name": "SUSE-SU-2013:0851",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
          },
          {
            "name": "USN-1521-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1521-1"
          },
          {
            "name": "openSUSE-SU-2012:0982",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
          },
          {
            "name": "SUSE-SU-2013:1174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
          },
          {
            "name": "openSUSE-SU-2013:0826",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
          },
          {
            "name": "openSUSE-SU-2012:0981",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
          },
          {
            "name": "SUSE-SU-2012:0979",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
          },
          {
            "name": "openSUSE-SU-2013:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
          },
          {
            "name": "openSUSE-SU-2013:0893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
          },
          {
            "name": "RHSA-2012:1132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
          },
          {
            "name": "50089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50089"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-02T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
        },
        {
          "name": "SUSE-SU-2013:0851",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
        },
        {
          "name": "USN-1521-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1521-1"
        },
        {
          "name": "openSUSE-SU-2012:0982",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
        },
        {
          "name": "SUSE-SU-2013:1174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
        },
        {
          "name": "openSUSE-SU-2013:0826",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
        },
        {
          "name": "openSUSE-SU-2012:0981",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
        },
        {
          "name": "SUSE-SU-2012:0979",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
        },
        {
          "name": "openSUSE-SU-2013:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
        },
        {
          "name": "openSUSE-SU-2013:0893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
        },
        {
          "name": "RHSA-2012:1132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
        },
        {
          "name": "50089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50089"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-3423",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
            },
            {
              "name": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
            },
            {
              "name": "SUSE-SU-2013:0851",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
            },
            {
              "name": "USN-1521-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1521-1"
            },
            {
              "name": "openSUSE-SU-2012:0982",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841345",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
            },
            {
              "name": "SUSE-SU-2013:1174",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
            },
            {
              "name": "openSUSE-SU-2013:0826",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
            },
            {
              "name": "openSUSE-SU-2012:0981",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
            },
            {
              "name": "SUSE-SU-2012:0979",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
            },
            {
              "name": "openSUSE-SU-2013:0966",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
            },
            {
              "name": "openSUSE-SU-2013:0893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
            },
            {
              "name": "RHSA-2012:1132",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
            },
            {
              "name": "50089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50089"
            },
            {
              "name": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-3423",
    "datePublished": "2012-08-07T21:00:00",
    "dateReserved": "2012-06-14T00:00:00",
    "dateUpdated": "2024-08-06T20:05:12.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3422 (GCVE-0-2012-3422)

Vulnerability from nvd – Published: 2012-08-07 21:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:12.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
          },
          {
            "name": "SUSE-SU-2013:0851",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
          },
          {
            "name": "USN-1521-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1521-1"
          },
          {
            "name": "openSUSE-SU-2012:0982",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
          },
          {
            "name": "SUSE-SU-2013:1174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
          },
          {
            "name": "openSUSE-SU-2013:0826",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
          },
          {
            "name": "openSUSE-SU-2012:0981",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
          },
          {
            "name": "SUSE-SU-2012:0979",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
          },
          {
            "name": "openSUSE-SU-2013:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
          },
          {
            "name": "openSUSE-SU-2013:0893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
          },
          {
            "name": "RHSA-2012:1132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
          },
          {
            "name": "50089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50089"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-02T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
        },
        {
          "name": "SUSE-SU-2013:0851",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
        },
        {
          "name": "USN-1521-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1521-1"
        },
        {
          "name": "openSUSE-SU-2012:0982",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
        },
        {
          "name": "SUSE-SU-2013:1174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
        },
        {
          "name": "openSUSE-SU-2013:0826",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
        },
        {
          "name": "openSUSE-SU-2012:0981",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
        },
        {
          "name": "SUSE-SU-2012:0979",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
        },
        {
          "name": "openSUSE-SU-2013:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
        },
        {
          "name": "openSUSE-SU-2013:0893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
        },
        {
          "name": "RHSA-2012:1132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
        },
        {
          "name": "50089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50089"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-3422",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=840592",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
            },
            {
              "name": "SUSE-SU-2013:0851",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
            },
            {
              "name": "USN-1521-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1521-1"
            },
            {
              "name": "openSUSE-SU-2012:0982",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
            },
            {
              "name": "SUSE-SU-2013:1174",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
            },
            {
              "name": "openSUSE-SU-2013:0826",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
            },
            {
              "name": "openSUSE-SU-2012:0981",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
            },
            {
              "name": "SUSE-SU-2012:0979",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
            },
            {
              "name": "openSUSE-SU-2013:0966",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
            },
            {
              "name": "openSUSE-SU-2013:0893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
            },
            {
              "name": "RHSA-2012:1132",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
            },
            {
              "name": "50089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50089"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-3422",
    "datePublished": "2012-08-07T21:00:00",
    "dateReserved": "2012-06-14T00:00:00",
    "dateUpdated": "2024-08-06T20:05:12.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0706 (GCVE-0-2011-0706)

Vulnerability from nvd – Published: 2011-02-18 23:00 – Updated: 2024-08-06 21:58
VLAI?
Summary
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:26.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-1631",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "FEDORA-2011-1645",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
          },
          {
            "name": "46439",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46439"
          },
          {
            "name": "icedtea-jnlpclassloader-priv-esc(65534)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
          },
          {
            "name": "43350",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43350"
          },
          {
            "name": "DSA-2224",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2224"
          },
          {
            "name": "oval:org.mitre.oval:def:14117",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"
          },
          {
            "name": "MDVSA-2011:054",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-1631",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "FEDORA-2011-1645",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
        },
        {
          "name": "46439",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46439"
        },
        {
          "name": "icedtea-jnlpclassloader-priv-esc(65534)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
        },
        {
          "name": "43350",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43350"
        },
        {
          "name": "DSA-2224",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2224"
        },
        {
          "name": "oval:org.mitre.oval:def:14117",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"
        },
        {
          "name": "MDVSA-2011:054",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0706",
    "datePublished": "2011-02-18T23:00:00",
    "dateReserved": "2011-01-31T00:00:00",
    "dateUpdated": "2024-08-06T21:58:26.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2513 (GCVE-0-2011-2513)

Vulnerability from cvelistv5 – Published: 2014-05-14 00:00 – Updated: 2024-08-06 23:00
VLAI?
Summary
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:00:34.177Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
          },
          {
            "name": "USN-1178-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1178-1"
          },
          {
            "name": "RHSA-2011:1100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
          },
          {
            "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
          },
          {
            "name": "1025854",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025854"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-13T23:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
        },
        {
          "name": "USN-1178-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1178-1"
        },
        {
          "name": "RHSA-2011:1100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
        },
        {
          "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
        },
        {
          "name": "1025854",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025854"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2513",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04",
              "refsource": "MISC",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04"
            },
            {
              "name": "USN-1178-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-1178-1"
            },
            {
              "name": "RHSA-2011:1100",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
            },
            {
              "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227",
              "refsource": "MISC",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"
            },
            {
              "name": "1025854",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025854"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=718164",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718164"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2513",
    "datePublished": "2014-05-14T00:00:00",
    "dateReserved": "2011-06-15T00:00:00",
    "dateUpdated": "2024-08-06T23:00:34.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2514 (GCVE-0-2011-2514)

Vulnerability from cvelistv5 – Published: 2014-05-14 00:00 – Updated: 2024-08-06 23:00
VLAI?
Summary
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:00:34.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
          },
          {
            "name": "USN-1178-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1178-1"
          },
          {
            "name": "RHSA-2011:1100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
          },
          {
            "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
          },
          {
            "name": "1025854",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025854"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-13T23:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
        },
        {
          "name": "USN-1178-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1178-1"
        },
        {
          "name": "RHSA-2011:1100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
        },
        {
          "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
        },
        {
          "name": "1025854",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025854"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2514",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[distro-pkg-dev] 20110720 IcedTea-Web 1.0.4 and 1.1.1 (security releases) released",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html"
            },
            {
              "name": "USN-1178-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-1178-1"
            },
            {
              "name": "RHSA-2011:1100",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1100.html"
            },
            {
              "name": "[distro-pkg-dev] 20110720 [SECURITY] IcedTea6 1.8.9 \u0026 1.9.9 Released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0",
              "refsource": "MISC",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388",
              "refsource": "MISC",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=718170",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718170"
            },
            {
              "name": "1025854",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025854"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2514",
    "datePublished": "2014-05-14T00:00:00",
    "dateReserved": "2011-06-15T00:00:00",
    "dateUpdated": "2024-08-06T23:00:34.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6493 (GCVE-0-2013-6493)

Vulnerability from cvelistv5 – Published: 2014-03-03 16:00 – Updated: 2024-08-06 17:46
VLAI?
Summary
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://mail.openjdk.java.net/pipermail/distro-pkg… mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1010958 x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2131-1 vendor-advisoryx_refsource_UBUNTU
http://seclists.org/oss-sec/2014/q1/282 mailing-listx_refsource_MLIST
http://secunia.com/advisories/57036 third-party-advisoryx_refsource_SECUNIA
http://icedtea.classpath.org/hg/icedtea-web/rev/2… x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:46:22.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
          },
          {
            "name": "USN-2131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2131-1"
          },
          {
            "name": "[oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q1/282"
          },
          {
            "name": "57036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57036"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
          },
          {
            "name": "openSUSE-SU-2014:0310",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-07T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
        },
        {
          "name": "USN-2131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2131-1"
        },
        {
          "name": "[oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q1/282"
        },
        {
          "name": "57036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57036"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
        },
        {
          "name": "openSUSE-SU-2014:0310",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6493",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010958"
            },
            {
              "name": "USN-2131-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2131-1"
            },
            {
              "name": "[oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q1/282"
            },
            {
              "name": "57036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57036"
            },
            {
              "name": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a"
            },
            {
              "name": "openSUSE-SU-2014:0310",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6493",
    "datePublished": "2014-03-03T16:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:46:22.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3377 (GCVE-0-2011-3377)

Vulnerability from cvelistv5 – Published: 2014-02-05 19:00 – Updated: 2024-08-06 23:29
VLAI?
Summary
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://bugzilla.redhat.com/show_bug.cgi?id=742515 x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2011-1441.html vendor-advisoryx_refsource_REDHAT
http://dbhole.wordpress.com/2011/11/08/icedtea-we… x_refsource_CONFIRM
http://www.osvdb.org/76940 vdb-entryx_refsource_OSVDB
http://lists.opensuse.org/opensuse-updates/2012-0… vendor-advisoryx_refsource_SUSE
http://www.debian.org/security/2012/dsa-2420 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/50610 vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-1263-1 vendor-advisoryx_refsource_UBUNTU
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
          },
          {
            "name": "RHSA-2011:1441",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
          },
          {
            "name": "76940",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/76940"
          },
          {
            "name": "openSUSE-SU-2012:0371",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
          },
          {
            "name": "DSA-2420",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2420"
          },
          {
            "name": "50610",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50610"
          },
          {
            "name": "USN-1263-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1263-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-05T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
        },
        {
          "name": "RHSA-2011:1441",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
        },
        {
          "name": "76940",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/76940"
        },
        {
          "name": "openSUSE-SU-2012:0371",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
        },
        {
          "name": "DSA-2420",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2420"
        },
        {
          "name": "50610",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50610"
        },
        {
          "name": "USN-1263-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1263-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-3377",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=742515",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742515"
            },
            {
              "name": "RHSA-2011:1441",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1441.html"
            },
            {
              "name": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/",
              "refsource": "CONFIRM",
              "url": "http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released/"
            },
            {
              "name": "76940",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/76940"
            },
            {
              "name": "openSUSE-SU-2012:0371",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00028.html"
            },
            {
              "name": "DSA-2420",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2420"
            },
            {
              "name": "50610",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50610"
            },
            {
              "name": "USN-1263-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1263-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3377",
    "datePublished": "2014-02-05T19:00:00",
    "dateReserved": "2011-08-30T00:00:00",
    "dateUpdated": "2024-08-06T23:29:56.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1927 (GCVE-0-2013-1927)

Vulnerability from cvelistv5 – Published: 2013-04-29 22:00 – Updated: 2024-08-06 15:20
VLAI?
Summary
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/92544 vdb-entryx_refsource_OSVDB
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/53109 third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/59286 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/53117 third-party-advisoryx_refsource_SECUNIA
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0753.html vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-1804-1 vendor-advisoryx_refsource_UBUNTU
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
https://wiki.mageia.org/en/Support/Advisories/MGA… x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=884705 x_refsource_MISC
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://mail.openjdk.java.net/pipermail/distro-pkg… mailing-listx_refsource_MLIST
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92544",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/92544"
          },
          {
            "name": "SUSE-SU-2013:0851",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
          },
          {
            "name": "openSUSE-SU-2013:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
          },
          {
            "name": "MDVSA-2013:146",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
          },
          {
            "name": "SUSE-SU-2013:1174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
          },
          {
            "name": "53109",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53109"
          },
          {
            "name": "openSUSE-SU-2013:0826",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
          },
          {
            "name": "59286",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/59286"
          },
          {
            "name": "icedtea-cve20131927-sec-bypass(83640)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
          },
          {
            "name": "openSUSE-SU-2013:0735",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
          },
          {
            "name": "53117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53117"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
          },
          {
            "name": "RHSA-2013:0753",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
          },
          {
            "name": "openSUSE-SU-2013:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
          },
          {
            "name": "openSUSE-SU-2013:0893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
          },
          {
            "name": "USN-1804-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1804-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
          },
          {
            "name": "openSUSE-SU-2013:0715",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
          },
          {
            "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "92544",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/92544"
        },
        {
          "name": "SUSE-SU-2013:0851",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
        },
        {
          "name": "openSUSE-SU-2013:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
        },
        {
          "name": "MDVSA-2013:146",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
        },
        {
          "name": "SUSE-SU-2013:1174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
        },
        {
          "name": "53109",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53109"
        },
        {
          "name": "openSUSE-SU-2013:0826",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
        },
        {
          "name": "59286",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/59286"
        },
        {
          "name": "icedtea-cve20131927-sec-bypass(83640)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
        },
        {
          "name": "openSUSE-SU-2013:0735",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
        },
        {
          "name": "53117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53117"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
        },
        {
          "name": "RHSA-2013:0753",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
        },
        {
          "name": "openSUSE-SU-2013:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
        },
        {
          "name": "openSUSE-SU-2013:0893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
        },
        {
          "name": "USN-1804-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1804-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
        },
        {
          "name": "openSUSE-SU-2013:0715",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
        },
        {
          "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1927",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92544",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/92544"
            },
            {
              "name": "SUSE-SU-2013:0851",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
            },
            {
              "name": "openSUSE-SU-2013:0897",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
            },
            {
              "name": "MDVSA-2013:146",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
            },
            {
              "name": "SUSE-SU-2013:1174",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
            },
            {
              "name": "53109",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53109"
            },
            {
              "name": "openSUSE-SU-2013:0826",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
            },
            {
              "name": "59286",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/59286"
            },
            {
              "name": "icedtea-cve20131927-sec-bypass(83640)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640"
            },
            {
              "name": "openSUSE-SU-2013:0735",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
            },
            {
              "name": "53117",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53117"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8"
            },
            {
              "name": "RHSA-2013:0753",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
            },
            {
              "name": "openSUSE-SU-2013:0966",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
            },
            {
              "name": "openSUSE-SU-2013:0893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
            },
            {
              "name": "USN-1804-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1804-1"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
            },
            {
              "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123",
              "refsource": "MISC",
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
            },
            {
              "name": "openSUSE-SU-2013:0715",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=884705",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e"
            },
            {
              "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1927",
    "datePublished": "2013-04-29T22:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1926 (GCVE-0-2013-1926)

Vulnerability from cvelistv5 – Published: 2013-04-29 22:00 – Updated: 2024-08-06 15:20
VLAI?
Summary
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/92543 vdb-entryx_refsource_OSVDB
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/53109 third-party-advisoryx_refsource_SECUNIA
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/53117 third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0753.html vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1804-1 vendor-advisoryx_refsource_UBUNTU
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://www.securityfocus.com/bid/59281 vdb-entryx_refsource_BID
https://wiki.mageia.org/en/Support/Advisories/MGA… x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=916774 x_refsource_MISC
http://mail.openjdk.java.net/pipermail/distro-pkg… mailing-listx_refsource_MLIST
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92543",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/92543"
          },
          {
            "name": "SUSE-SU-2013:0851",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
          },
          {
            "name": "openSUSE-SU-2013:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
          },
          {
            "name": "icedtea-cve20131940-security-bypass(83642)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
          },
          {
            "name": "MDVSA-2013:146",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
          },
          {
            "name": "SUSE-SU-2013:1174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
          },
          {
            "name": "53109",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53109"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
          },
          {
            "name": "openSUSE-SU-2013:0826",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
          },
          {
            "name": "openSUSE-SU-2013:0735",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
          },
          {
            "name": "53117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53117"
          },
          {
            "name": "RHSA-2013:0753",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
          },
          {
            "name": "openSUSE-SU-2013:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
          },
          {
            "name": "openSUSE-SU-2013:0893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
          },
          {
            "name": "USN-1804-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1804-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
          },
          {
            "name": "59281",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/59281"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
          },
          {
            "name": "openSUSE-SU-2013:0715",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
          },
          {
            "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "92543",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/92543"
        },
        {
          "name": "SUSE-SU-2013:0851",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
        },
        {
          "name": "openSUSE-SU-2013:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
        },
        {
          "name": "icedtea-cve20131940-security-bypass(83642)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
        },
        {
          "name": "MDVSA-2013:146",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
        },
        {
          "name": "SUSE-SU-2013:1174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
        },
        {
          "name": "53109",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53109"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
        },
        {
          "name": "openSUSE-SU-2013:0826",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
        },
        {
          "name": "openSUSE-SU-2013:0735",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
        },
        {
          "name": "53117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53117"
        },
        {
          "name": "RHSA-2013:0753",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
        },
        {
          "name": "openSUSE-SU-2013:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
        },
        {
          "name": "openSUSE-SU-2013:0893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
        },
        {
          "name": "USN-1804-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1804-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
        },
        {
          "name": "59281",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/59281"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
        },
        {
          "name": "openSUSE-SU-2013:0715",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
        },
        {
          "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1926",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92543",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/92543"
            },
            {
              "name": "SUSE-SU-2013:0851",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
            },
            {
              "name": "openSUSE-SU-2013:0897",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html"
            },
            {
              "name": "icedtea-cve20131940-security-bypass(83642)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83642"
            },
            {
              "name": "MDVSA-2013:146",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146"
            },
            {
              "name": "SUSE-SU-2013:1174",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
            },
            {
              "name": "53109",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53109"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586"
            },
            {
              "name": "openSUSE-SU-2013:0826",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
            },
            {
              "name": "openSUSE-SU-2013:0735",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html"
            },
            {
              "name": "53117",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53117"
            },
            {
              "name": "RHSA-2013:0753",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html"
            },
            {
              "name": "openSUSE-SU-2013:0966",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
            },
            {
              "name": "openSUSE-SU-2013:0893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c"
            },
            {
              "name": "USN-1804-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1804-1"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS"
            },
            {
              "name": "59281",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/59281"
            },
            {
              "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123",
              "refsource": "MISC",
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123"
            },
            {
              "name": "openSUSE-SU-2013:0715",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=916774",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916774"
            },
            {
              "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1926",
    "datePublished": "2013-04-29T22:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:20:37.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4540 (GCVE-0-2012-4540)

Vulnerability from cvelistv5 – Published: 2012-11-11 11:00 – Updated: 2024-08-06 20:42
VLAI?
Summary
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisoryx_refsource_GENTOO
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://www.debian.org/security/2013/dsa-2768 vendor-advisoryx_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://www.securityfocus.com/bid/56434 vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2012-1434.html vendor-advisoryx_refsource_REDHAT
http://mail.openjdk.java.net/pipermail/distro-pkg… mailing-listx_refsource_MLIST
http://secunia.com/advisories/51220 third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/51374 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1027738 vdb-entryx_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1625-1 vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=869040 x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
http://mail.openjdk.java.net/pipermail/distro-pkg… mailing-listx_refsource_MLIST
http://secunia.com/advisories/51206 third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2012-1… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/62426 vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2012/11/07/5 mailing-listx_refsource_MLIST
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
https://bugzilla.redhat.com/show_bug.cgi?id=1007960 x_refsource_CONFIRM
http://icedtea.classpath.org/hg/release/icedtea-w… x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-0… vendor-advisoryx_refsource_SUSE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:42:53.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
          },
          {
            "name": "DSA-2768",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2768"
          },
          {
            "name": "openSUSE-SU-2015:1595",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
          },
          {
            "name": "56434",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56434"
          },
          {
            "name": "RHSA-2012:1434",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
          },
          {
            "name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
          },
          {
            "name": "51220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51220"
          },
          {
            "name": "openSUSE-SU-2013:1511",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
          },
          {
            "name": "icedtea-applet-bo(79894)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
          },
          {
            "name": "51374",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51374"
          },
          {
            "name": "1027738",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027738"
          },
          {
            "name": "USN-1625-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1625-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
          },
          {
            "name": "openSUSE-SU-2013:1509",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
          },
          {
            "name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
          },
          {
            "name": "51206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51206"
          },
          {
            "name": "openSUSE-SU-2012:1524",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
          },
          {
            "name": "62426",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62426"
          },
          {
            "name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
          },
          {
            "name": "MDVSA-2012:171",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
          },
          {
            "name": "openSUSE-SU-2013:0174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
        },
        {
          "name": "DSA-2768",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2768"
        },
        {
          "name": "openSUSE-SU-2015:1595",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
        },
        {
          "name": "56434",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56434"
        },
        {
          "name": "RHSA-2012:1434",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
        },
        {
          "name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
        },
        {
          "name": "51220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51220"
        },
        {
          "name": "openSUSE-SU-2013:1511",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
        },
        {
          "name": "icedtea-applet-bo(79894)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
        },
        {
          "name": "51374",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51374"
        },
        {
          "name": "1027738",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027738"
        },
        {
          "name": "USN-1625-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1625-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
        },
        {
          "name": "openSUSE-SU-2013:1509",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
        },
        {
          "name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
        },
        {
          "name": "51206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51206"
        },
        {
          "name": "openSUSE-SU-2012:1524",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
        },
        {
          "name": "62426",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62426"
        },
        {
          "name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
        },
        {
          "name": "MDVSA-2012:171",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
        },
        {
          "name": "openSUSE-SU-2013:0174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-4540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
            },
            {
              "name": "DSA-2768",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2768"
            },
            {
              "name": "openSUSE-SU-2015:1595",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
            },
            {
              "name": "56434",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56434"
            },
            {
              "name": "RHSA-2012:1434",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
            },
            {
              "name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
            },
            {
              "name": "51220",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51220"
            },
            {
              "name": "openSUSE-SU-2013:1511",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
            },
            {
              "name": "icedtea-applet-bo(79894)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
            },
            {
              "name": "51374",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51374"
            },
            {
              "name": "1027738",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027738"
            },
            {
              "name": "USN-1625-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1625-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=869040",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
            },
            {
              "name": "openSUSE-SU-2013:1509",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
            },
            {
              "name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
              "refsource": "MLIST",
              "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
            },
            {
              "name": "51206",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51206"
            },
            {
              "name": "openSUSE-SU-2012:1524",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
            },
            {
              "name": "62426",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62426"
            },
            {
              "name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
            },
            {
              "name": "MDVSA-2012:171",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
            },
            {
              "name": "openSUSE-SU-2013:0174",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4540",
    "datePublished": "2012-11-11T11:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:42:53.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3422 (GCVE-0-2012-3422)

Vulnerability from cvelistv5 – Published: 2012-08-07 21:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:12.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
          },
          {
            "name": "SUSE-SU-2013:0851",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
          },
          {
            "name": "USN-1521-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1521-1"
          },
          {
            "name": "openSUSE-SU-2012:0982",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
          },
          {
            "name": "SUSE-SU-2013:1174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
          },
          {
            "name": "openSUSE-SU-2013:0826",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
          },
          {
            "name": "openSUSE-SU-2012:0981",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
          },
          {
            "name": "SUSE-SU-2012:0979",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
          },
          {
            "name": "openSUSE-SU-2013:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
          },
          {
            "name": "openSUSE-SU-2013:0893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
          },
          {
            "name": "RHSA-2012:1132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
          },
          {
            "name": "50089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50089"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-02T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
        },
        {
          "name": "SUSE-SU-2013:0851",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
        },
        {
          "name": "USN-1521-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1521-1"
        },
        {
          "name": "openSUSE-SU-2012:0982",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
        },
        {
          "name": "SUSE-SU-2013:1174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
        },
        {
          "name": "openSUSE-SU-2013:0826",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
        },
        {
          "name": "openSUSE-SU-2012:0981",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
        },
        {
          "name": "SUSE-SU-2012:0979",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
        },
        {
          "name": "openSUSE-SU-2013:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
        },
        {
          "name": "openSUSE-SU-2013:0893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
        },
        {
          "name": "RHSA-2012:1132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
        },
        {
          "name": "50089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50089"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-3422",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=840592",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
            },
            {
              "name": "SUSE-SU-2013:0851",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
            },
            {
              "name": "USN-1521-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1521-1"
            },
            {
              "name": "openSUSE-SU-2012:0982",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
            },
            {
              "name": "SUSE-SU-2013:1174",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
            },
            {
              "name": "openSUSE-SU-2013:0826",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
            },
            {
              "name": "openSUSE-SU-2012:0981",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
            },
            {
              "name": "SUSE-SU-2012:0979",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
            },
            {
              "name": "openSUSE-SU-2013:0966",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
            },
            {
              "name": "openSUSE-SU-2013:0893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
            },
            {
              "name": "RHSA-2012:1132",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
            },
            {
              "name": "50089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50089"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-3422",
    "datePublished": "2012-08-07T21:00:00",
    "dateReserved": "2012-06-14T00:00:00",
    "dateUpdated": "2024-08-06T20:05:12.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3423 (GCVE-0-2012-3423)

Vulnerability from cvelistv5 – Published: 2012-08-07 21:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:12.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
          },
          {
            "name": "SUSE-SU-2013:0851",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
          },
          {
            "name": "USN-1521-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1521-1"
          },
          {
            "name": "openSUSE-SU-2012:0982",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
          },
          {
            "name": "SUSE-SU-2013:1174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
          },
          {
            "name": "openSUSE-SU-2013:0826",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
          },
          {
            "name": "openSUSE-SU-2012:0981",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
          },
          {
            "name": "SUSE-SU-2012:0979",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
          },
          {
            "name": "openSUSE-SU-2013:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
          },
          {
            "name": "openSUSE-SU-2013:0893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
          },
          {
            "name": "RHSA-2012:1132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
          },
          {
            "name": "50089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50089"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-02T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
        },
        {
          "name": "SUSE-SU-2013:0851",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
        },
        {
          "name": "USN-1521-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1521-1"
        },
        {
          "name": "openSUSE-SU-2012:0982",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
        },
        {
          "name": "SUSE-SU-2013:1174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
        },
        {
          "name": "openSUSE-SU-2013:0826",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
        },
        {
          "name": "openSUSE-SU-2012:0981",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
        },
        {
          "name": "SUSE-SU-2012:0979",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
        },
        {
          "name": "openSUSE-SU-2013:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
        },
        {
          "name": "openSUSE-SU-2013:0893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
        },
        {
          "name": "RHSA-2012:1132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
        },
        {
          "name": "50089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50089"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-3423",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
            },
            {
              "name": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863"
            },
            {
              "name": "SUSE-SU-2013:0851",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
            },
            {
              "name": "USN-1521-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1521-1"
            },
            {
              "name": "openSUSE-SU-2012:0982",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841345",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841345"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9"
            },
            {
              "name": "SUSE-SU-2013:1174",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
            },
            {
              "name": "openSUSE-SU-2013:0826",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
            },
            {
              "name": "openSUSE-SU-2012:0981",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
            },
            {
              "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076"
            },
            {
              "name": "SUSE-SU-2012:0979",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
            },
            {
              "name": "openSUSE-SU-2013:0966",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
            },
            {
              "name": "openSUSE-SU-2013:0893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
            },
            {
              "name": "RHSA-2012:1132",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
            },
            {
              "name": "50089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50089"
            },
            {
              "name": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518",
              "refsource": "CONFIRM",
              "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-3423",
    "datePublished": "2012-08-07T21:00:00",
    "dateReserved": "2012-06-14T00:00:00",
    "dateUpdated": "2024-08-06T20:05:12.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0706 (GCVE-0-2011-0706)

Vulnerability from cvelistv5 – Published: 2011-02-18 23:00 – Updated: 2024-08-06 21:58
VLAI?
Summary
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:26.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2011-1631",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "FEDORA-2011-1645",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
          },
          {
            "name": "46439",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46439"
          },
          {
            "name": "icedtea-jnlpclassloader-priv-esc(65534)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
          },
          {
            "name": "43350",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43350"
          },
          {
            "name": "DSA-2224",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2224"
          },
          {
            "name": "oval:org.mitre.oval:def:14117",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"
          },
          {
            "name": "MDVSA-2011:054",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2011-1631",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "FEDORA-2011-1645",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
        },
        {
          "name": "46439",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46439"
        },
        {
          "name": "icedtea-jnlpclassloader-priv-esc(65534)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
        },
        {
          "name": "43350",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43350"
        },
        {
          "name": "DSA-2224",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2224"
        },
        {
          "name": "oval:org.mitre.oval:def:14117",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332"
        },
        {
          "name": "MDVSA-2011:054",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0706",
    "datePublished": "2011-02-18T23:00:00",
    "dateReserved": "2011-01-31T00:00:00",
    "dateUpdated": "2024-08-06T21:58:26.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}