Vulnerability Details : CVE-2013-6493
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2013-6493
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2013-6493
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST |
CWE ids for CVE-2013-6493
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6493
- http://seclists.org/oss-sec/2014/q1/282
  oss-sec: IcedTea-Web insecure temporary directory use - CVE-2013-6493
- http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a
  Exploit; Patch
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html
  IcedTea-Web 1.4.2 released!
- https://bugzilla.redhat.com/show_bug.cgi?id=1010958
  1010958 – (CVE-2013-6493) CVE-2013-6493 icedtea-web: insecure temporary file use flaw in LiveConnect implementation
- http://www.ubuntu.com/usn/USN-2131-1
  USN-2131-1: IcedTea Web vulnerability | Ubuntu security notices
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00089.html
  openSUSE-SU-2014:0310-1: moderate: icedtea-web: 1.4.2 bugfix update
Products affected by CVE-2013-6493
- cpe:2.3:a:redhat:icedtea-web:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea-web:1.2.2:*:*:*:*:*:*:*