CVE-2013-6493
EPSS 0.06%
Description
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
How to fix CVE-2013-6493
To remediate CVE-2013-6493, upgrade the affected package to a fixed version below.
- Debian/icedtea-web—upgrade to 1.4.2-1 or later
Is CVE-2013-6493 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.4.2-1