CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Percentile: 91.2%

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote
attackers to execute arbitrary code via a crafted file that validates as
both a GIF and a Java JAR file, aka “GIFAR.”
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | icedtea-web | < 1.2.3-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | icedtea-web | < 1.2.3-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | icedtea-web | < 1.2.3-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | icedtea-web | < 1.3.2-1ubuntu0.12.10.1 | UNKNOWN |
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022799.html
launchpad.net/bugs/cve/CVE-2013-1927
nvd.nist.gov/vuln/detail/CVE-2013-1927
security-tracker.debian.org/tracker/CVE-2013-1927
ubuntu.com/security/notices/USN-1804-1
www.cve.org/CVERecord?id=CVE-2013-1927