CVE-2013-1927

Severity

68%

Complexity

86%

Confidentiality

106%

Per http://www.ubuntu.com/usn/USN-1804-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS" Per http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html "Affected Products: openSUSE 12.2"

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."

Per http://www.ubuntu.com/usn/USN-1804-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS" Per http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html "Affected Products: openSUSE 12.2"

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 12 years ago

2013-04-29 22:55:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

IcedTea project IcedTea-Web 1.0

1.0

IcedTea project IcedTea-Web 1.0.1

1.0.1

IcedTea project IcedTea-Web 1.0.2

1.0.2

IcedTea project IcedTea-Web 1.0.3

1.0.3

Red Hat IcedTea-Web 1.0.4

1.0.4

Red Hat IcedTea-Web 1.0.5

1.0.5

Red Hat IcedTea-Web 1.0.6

1.0.6

IcedTea project IcedTea-Web 1.1

1.1

Red Hat IcedTea-Web 1.1.1

1.1.1

Red Hat IcedTea-Web 1.1.2

1.1.2

Red Hat IcedTea-Web 1.1.3

1.1.3

Red Hat IcedTea-Web 1.1.4

1.1.4

Red Hat IcedTea-Web 1.1.5

1.1.5

Red Hat IcedTea-Web 1.1.6

1.1.6

Red Hat IcedTea-Web 1.1.7

1.1.7

Red Hat IcedTea-Web 1.2

1.2

Red Hat IcedTea-Web 1.2.1

1.2.1

Red Hat IcedTea-Web 1.3

1.3

Red Hat IcedTea-Web 1.3.1

1.3.1

Canonical Ubuntu Linux 10.04 LTS

10.04

Canonical Ubuntu Linux 11.10

11.10

Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)

12.04

Canonical Ubuntu Linux 12.10

12.10

OpenSUSE 12.2

12.2

References

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e

http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8

SUSE-SU-2013:0851

SUSE-SU-2013:1174

openSUSE-SU-2013:0715

openSUSE-SU-2013:0735

openSUSE-SU-2013:0826

openSUSE-SU-2013:0893

openSUSE-SU-2013:0897

openSUSE-SU-2013:0966

[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!

92544

RHSA-2013:0753

53109

Vendor Advisory

53117

Vendor Advisory

MDVSA-2013:146

59286

USN-1804-1

https://bugzilla.redhat.com/show_bug.cgi?id=884705

icedtea-cve20131927-sec-bypass(83640)

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.