Lucene search

K

Veracode Vulnerability DatabaseVERACODE:10781

HistoryJan 15, 2019 - 8:52 a.m.

Information Disclosure

2019-01-1508:52:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

EPSS

0.004

Percentile

75.0%

IcedTea-Web plug-in is vulnerable to information disclosure. The application incorrectly uses the same class loader instance for applets with the same value of the codebase attribute even if they originated from different domains. An attacker is able to create a malicious applet to exploit the vulnerability to obtain confidential information, or possible modify other applets.

References

icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS

icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586

icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c

lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html

lists.opensuse.org/opensuse-updates/2013-04/msg00106.html

lists.opensuse.org/opensuse-updates/2013-05/msg00003.html

lists.opensuse.org/opensuse-updates/2013-05/msg00032.html

lists.opensuse.org/opensuse-updates/2013-06/msg00030.html

lists.opensuse.org/opensuse-updates/2013-06/msg00034.html

lists.opensuse.org/opensuse-updates/2013-06/msg00101.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html

osvdb.org/92543

rhn.redhat.com/errata/RHSA-2013-0753.html

secunia.com/advisories/53109

secunia.com/advisories/53117

www.mandriva.com/security/advisories?name=MDVSA-2013:146

www.securityfocus.com/bid/59281

www.ubuntu.com/usn/USN-1804-1

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=916774

exchange.xforce.ibmcloud.com/vulnerabilities/83642

rhn.redhat.com/errata/RHSA-2013-0753.html

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123

EPSS

0.004

Percentile

75.0%

Related for VERACODE:10781

prion1 debiancve1 cvelist1 nvd1 ubuntucve1 cve1 openvas15 veracode1 nessus16 redhat1 centos1 securityvulns2 oraclelinux1 ubuntu2 fedora4 suse2