CVE-2013-1926 - Security Bypass vulnerability in IcedTea-Web

CVSS 5.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE

Summary

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

Per http://www.ubuntu.com/usn/USN-1804-1/: "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS"

Per http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html: "Affected Products: openSUSE 12.2"

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-5962.NASL
    description: New in release 1.3.2 (2013-04-17) : - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580: http://www.horaoficial.cl/ loads improperly - Plugin PR1260: IcedTea-Web should not rely on GTK PR1157: Applets can hang browser after fatal exception Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-04-18
    plugin id: 66011
    published: 2013-04-18
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/66011
    title: Fedora 18 : icedtea-web-1.3.2-0.fc18 (2013-5962)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_ICEDTEA-WEB-130419.NASL
    description: This update to version 1.3.2 fixes several security updates and common fixes. (bnc#815596) Security Updates - fixed gifar vulnerability. (CVE-2013-1927) - Class-loader incorrectly shared for applets with same relative-path. Common. (CVE-2013-1926) - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. NetX - PR580: http://www.horaoficial.cl/ loads improperly Plugin - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch - PR1157: Applets can hang browser after fatal exception
    last seen: 2020-06-05
    modified: 2013-04-29
    plugin id: 66253
    published: 2013-04-29
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/66253
    title: SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7642)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-373.NASL
    description: - update to 1.3.2 (bnc#815596) - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580: http://www.horaoficial.cl/ loads improperly - Plugin - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch - PR1157: Applets can hang browser after fatal exception
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74981
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74981
    title: openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0897-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-0753.NASL
    description: Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926) The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack. (CVE-2013-1927) The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security Response Team. This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66015
    published: 2013-04-18
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66015
    title: RHEL 6 : icedtea-web (RHSA-2013:0753)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-371.NASL
    description: - update to 1.3.2 (bnc#815596) - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580: http://www.horaoficial.cl/ loads improperly - Plugin - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch - PR1157: Applets can hang browser after fatal exception - Add icedtea-web-remove-gtk-dep.patch, build icedtea-web without GTK. Plugin now works in both gtk2 and gtk3 based browsers. - limit the provides/obsoletes to architectures, where -plugin package existed and don
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74979
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74979
    title: openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0715-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_ICEDTEA-WEB-130702.NASL
    description: This update to IcedTea-Web 1.4 provides the following fixes and enhancements : - Security updates - RH916774: Class-loader incorrectly shared for applets with same relative-path. (CVE-2013-1926) - RH884705: fixed gifar vulnerability. (CVE-2013-1927) - RH840592: Potential read from an uninitialized memory location. (CVE-2012-3422) - RH841345: Incorrect handling of not 0-terminated strings. (CVE-2012-3423) - RH884705: fixed gifar vulnerability. (CVE-2013-1927) - RH916774: Class-loader incorrectly shared for applets with same relative-path. (CVE-2013-1926) - NetX - PR1027: DownloadService is not supported by IcedTea-Web - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run - PR1292: Javaws does not resolve versioned jar names with periods correctly - PR580: http://www.horaoficial.cl/ loads improperly. - Plugin - PR1106: Buffer overflow in plugin table- - PR1166: Embedded JNLP File is not supported in applet tag - PR1217: Add command line arguments for plugins - PR1189: Icedtea-plugin requires code attribute when using jnlp_href - PR1198: JSObject is not passed to JavaScript correctly - PR1260: IcedTea-Web should not rely on GTK - PR1157: Applets can hang browser after fatal exception - PR580: http://www.horaoficial.cl/ loads improperly - PR1260: IcedTea-Web should not rely on GTK - PR1157: Applets can hang browser after fatal exception. - Common - PR1049: Extension jnlp
    last seen: 2020-06-05
    modified: 2013-07-18
    plugin id: 68953
    published: 2013-07-18
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/68953
    title: SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 7981)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20130417_ICEDTEA_WEB_ON_SL6_X.NASL
    description: It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926) The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack. (CVE-2013-1927) This erratum also upgrades IcedTea-Web to version 1.2.3. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen: 2020-03-18
    modified: 2013-04-18
    plugin id: 66017
    published: 2013-04-18
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66017
    title: Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64 (20130417)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-372.NASL
    description: - update to 1.3.2 (bnc#815596) - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580: http://www.horaoficial.cl/ loads improperly - Plugin - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch - PR1157: Applets can hang browser after fatal exception
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74980
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74980
    title: openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0735-1)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2013-0753.NASL
    description: Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926) The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack. (CVE-2013-1927) The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security Response Team. This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66003
    published: 2013-04-18
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66003
    title: CentOS 6 : icedtea-web (CESA-2013:0753)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1804-2.NASL
    description: USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced a regression with the Java Network Launching Protocol (JNLP) when fetching content over SSL under certain configurations, such as when using the community-supported IcedTea 7 browser plugin. This update fixes the problem. We apologize for the inconvenience. Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. (CVE-2013-1926) It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. (CVE-2013-1927). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66199
    published: 2013-04-24
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66199
    title: Ubuntu 11.10 / 12.04 LTS : icedtea-web regression (USN-1804-2)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1804-1.NASL
    description: Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. (CVE-2013-1926) It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. (CVE-2013-1927). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66032
    published: 2013-04-19
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66032
    title: Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : icedtea-web vulnerabilities (USN-1804-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2013-0753.NASL
    description: From Red Hat Security Advisory 2013:0753 : Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926) The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack. (CVE-2013-1927) The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security Response Team. This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68813
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68813
    title: Oracle Linux 6 : icedtea-web (ELSA-2013-0753)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-439.NASL
    description: Changes in icedtea-web with update to 1.4 (bnc#818768) : - Added cs, de, pl localization - Splash screen for javaws and plugin - Better error reporting for plugin via Error-splash-screen - All IcedTea-Web dialogues are centered to middle of active screen - Download indicator made compact for more than one jar - User can select its own JVM via itw-settings and deploy.properties. - Added extended applets security settings and dialogue - Security updates - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings - NetX - PR1027: DownloadService is not supported by IcedTea-Web - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run - PR1292: Javaws does not resolve versioned jar names with periods correctly - Plugin - PR1106: Buffer overflow in plugin table- - PR1166: Embedded JNLP File is not supported in applet tag - PR1217: Add command line arguments for plugins - PR1189: Icedtea-plugin requires code attribute when using jnlp_href - PR1198: JSObject is not passed to JavaScript correctly - PR1260: IcedTea-Web should not rely on GTK - PR1157: Applets can hang browser after fatal exception - PR580: http://www.horaoficial.cl/ loads improperly - Common - PR1049: Extension jnlp
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75010
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75010
    title: openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0893-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-5877.NASL
    description: New in release 1.3.2 (2013-04-17) : - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580: http://www.horaoficial.cl/ loads improperly - Plugin PR1260: IcedTea-Web should not rely on GTK PR1157: Applets can hang browser after fatal exception Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-04-26
    plugin id: 66220
    published: 2013-04-26
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/66220
    title: Fedora 19 : icedtea-web-1.3.2-0.fc19 (2013-5877)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-5925.NASL
    description: - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580: http://www.horaoficial.cl/ loads improperly - Plugin PR1260: IcedTea-Web should not rely on GTK PR1157: Applets can hang browser after fatal exception Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-04-20
    plugin id: 66039
    published: 2013-04-20
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/66039
    title: Fedora 17 : icedtea-web-1.3.2-0.fc17 (2013-5925)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_ICEDTEA-WEB-130517.NASL
    description: This update of icedtea-web fixes several bugs and security issues.
    last seen: 2020-06-05
    modified: 2013-06-02
    plugin id: 66741
    published: 2013-06-02
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/66741
    title: SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7742)

Redhat

advisories
rhsa
id: RHSA-2013:0753
rpms
  • icedtea-web-0:1.2.3-2.el6_4
  • icedtea-web-debuginfo-0:1.2.3-2.el6_4
  • icedtea-web-javadoc-0:1.2.3-2.el6_4