CVE-2013-6493
IcedTea-Web < 1.4.2 - Local Information Disclosure via Predictable Socket File
Title source: llmDescription
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
References (7)
Core 7
Core References
Various Sources mailing-list
x_refsource_mlist
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1010958
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2131-1
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/282
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57036
Exploit, Patch x_refsource_confirm
http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html
Scores
EPSS
0.0048
EPSS Percentile
38.1%
Details
CWE
CWE-200
Status
published
Products (20)
redhat/icedtea-web
1.0.1
redhat/icedtea-web
1.0.2
redhat/icedtea-web
1.0.3
redhat/icedtea-web
1.0.4
redhat/icedtea-web
1.0.5
redhat/icedtea-web
1.0.6
redhat/icedtea-web
1.1
redhat/icedtea-web
1.1.1
redhat/icedtea-web
1.1.2
redhat/icedtea-web
1.1.3
... and 10 more
Published
Mar 03, 2014
Tracked Since
Feb 18, 2026