This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Redhat
First view : 2012-11-11
Product : Icedtea-Web
Last view : 2014-03-03
Version : 1.3
Type : Application
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:a:redhat:icedtea-web

Activity : Overall

Related : CVE

  Date Alert Description
2.1 2014-03-03 CVE-2013-6493

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.

6.8 2013-04-29 CVE-2013-1927

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."

5.8 2013-04-29 CVE-2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

6.8 2012-11-11 CVE-2012-4540

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-200 Information Exposure
50% (1) CWE-189 Numeric Errors

OpenVAS Exploits

id Description
2012-11-15 Name : Fedora Update for icedtea-web FEDORA-2012-17745
File : nvt/gb_fedora_2012_17745_icedtea-web_fc16.nasl
2012-11-15 Name : Fedora Update for icedtea-web FEDORA-2012-17762
File : nvt/gb_fedora_2012_17762_icedtea-web_fc17.nasl
2012-11-09 Name : CentOS Update for icedtea-web CESA-2012:1434 centos6
File : nvt/gb_CESA-2012_1434_icedtea-web_centos6.nasl
2012-11-09 Name : RedHat Update for icedtea-web RHSA-2012:1434-01
File : nvt/gb_RHSA-2012_1434-01_icedtea-web.nasl
2012-11-09 Name : Ubuntu Update for icedtea-web USN-1625-1
File : nvt/gb_ubuntu_USN_1625_1.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-09-23 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-602.nasl - Type: ACT_GATHER_INFO
2014-06-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201406-32.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-797.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-371.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-372.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-373.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-439.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-733.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-176.nasl - Type: ACT_GATHER_INFO
2014-03-20 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_icedtea-web-140304.nasl - Type: ACT_GATHER_INFO
2014-03-07 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2131-1.nasl - Type: ACT_GATHER_INFO
2013-10-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2768.nasl - Type: ACT_GATHER_INFO
2013-10-04 Name: The remote Fedora host is missing a security update.
File: fedora_2013-17016.nasl - Type: ACT_GATHER_INFO
2013-10-03 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_icedtea-web-130924.nasl - Type: ACT_GATHER_INFO
2013-09-23 Name: The remote Fedora host is missing a security update.
File: fedora_2013-16971.nasl - Type: ACT_GATHER_INFO
2013-09-21 Name: The remote Fedora host is missing a security update.
File: fedora_2013-17026.nasl - Type: ACT_GATHER_INFO
2013-07-18 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_icedtea-web-130702.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2013-0753.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-1434.nasl - Type: ACT_GATHER_INFO
2013-06-02 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_icedtea-web-130517.nasl - Type: ACT_GATHER_INFO
2013-04-29 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_icedtea-web-130419.nasl - Type: ACT_GATHER_INFO
2013-04-26 Name: The remote Fedora host is missing a security update.
File: fedora_2013-5877.nasl - Type: ACT_GATHER_INFO
2013-04-24 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1804-2.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Fedora host is missing a security update.
File: fedora_2013-5925.nasl - Type: ACT_GATHER_INFO
2013-04-19 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1804-1.nasl - Type: ACT_GATHER_INFO