CVE-2013-1926
EPSS 0.88%
Description
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
How to fix CVE-2013-1926
To remediate CVE-2013-1926, upgrade the affected package to the fixed version listed below.
- Debian/icedtea-web: upgrade to 1.3.2-1 or later
Is CVE-2013-1926 being exploited?
Low. EPSS (the estimated probability of exploitation in the wild over the next 30 days) is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.3.2-1