VDB
CVE-2013-6493
CVE-2013-6493
PUBLISHED
CVSS 2.0999999046325684 LOW
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
EPSS 0.06% · 18.8th percentile
Risk Scores
CVSS 2.0
2.0999999046325684
EPSS Score
0.06%
18.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| redhat | icedtea-web | 0, 1.0.2, 1.0.3 |
Timeline
- Mar 3, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- [distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released! mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=1010958 url
- USN-2131-1 vendor-advisory
- [oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493 mailing-list
- 57036 third-party-advisory
- http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a url
- openSUSE-SU-2014:0310 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2013-6493 advisory