CVE-2013-1927 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Affected Products (NVD)

Vendor	Product	Version
redhat	icedtea-web	𝑥 ≤ 1.2.2
redhat	icedtea-web	1.0
redhat	icedtea-web	1.0.1
redhat	icedtea-web	1.0.2
redhat	icedtea-web	1.0.3
redhat	icedtea-web	1.0.4
redhat	icedtea-web	1.0.5
redhat	icedtea-web	1.0.6
redhat	icedtea-web	1.1
redhat	icedtea-web	1.1.1
redhat	icedtea-web	1.1.2
redhat	icedtea-web	1.1.3
redhat	icedtea-web	1.1.4
redhat	icedtea-web	1.1.5
redhat	icedtea-web	1.1.6
redhat	icedtea-web	1.1.7
redhat	icedtea-web	1.2
redhat	icedtea-web	1.2.1
redhat	icedtea-web	1.3
redhat	icedtea-web	1.3.1
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	11.10
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	12.10
opensuse	opensuse	12.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

icedtea-web

bookworm	1.8.8-2 fixed
bullseye	1.8.4-1 fixed
sid	1.8.8-3 fixed
trixie	1.8.8-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

icedtea-web

hardy	dne
lucid	Fixed 1.2.3-0ubuntu0.10.04.1 released
oneiric	Fixed 1.2.3-0ubuntu0.11.10.1 released
precise	Fixed 1.2.3-0ubuntu0.12.04.1 released
quantal	Fixed 1.3.2-1ubuntu0.12.10.1 released

openSUSE / SLES Releases

openSUSE Product

Release

java-1_7_0-openjdk-plugin

suse enterprise desktop 12 SP1	1.6.1-2.3.1 fixed
suse enterprise desktop 12 SP2	1.6.1-2.3.1 fixed
suse enterprise desktop 12 SP3	1.6.2-2.8.3 fixed
suse enterprise desktop 12 SP4	1.6.2-2.8.3 fixed
suse enterprise sap 12 SP1	1.6.1-2.3.1 fixed
suse enterprise sap 12 SP2	1.6.1-2.3.1 fixed
suse enterprise sap 12 SP3	1.6.2-2.8.3 fixed
suse enterprise sap 12 SP4	1.6.2-2.8.3 fixed
suse enterprise sap 12 SP5	1.6.2-2.8.3 fixed
suse enterprise server 12 SP1	1.6.1-2.3.1 fixed
suse enterprise server 12 SP2	1.6.1-2.3.1 fixed
suse enterprise server 12 SP3	1.6.2-2.8.3 fixed
suse enterprise server 12 SP4	1.6.2-2.8.3 fixed
suse enterprise server 12 SP5	1.6.2-2.8.3 fixed
suse enterprise workstation 12 SP1	1.6.1-2.3.1 fixed
suse enterprise workstation 12 SP2	1.6.1-2.3.1 fixed
suse enterprise workstation 12 SP3	1.6.2-2.8.3 fixed
suse enterprise workstation 12 SP4	1.6.2-2.8.3 fixed
suse enterprise workstation 12 SP5	1.6.2-2.8.3 fixed

java-1_8_0-openjdk-plugin

suse enterprise desktop 12 SP1	1.6.1-2.4.21 fixed
suse enterprise desktop 12 SP2	1.6.1-2.4.21 fixed
suse enterprise desktop 12 SP3	1.6.2-2.10.3 fixed
suse enterprise desktop 12 SP4	1.6.2-2.10.3 fixed
suse enterprise sap 12 SP1	1.6.1-2.4.21 fixed
suse enterprise sap 12 SP2	1.6.1-2.4.21 fixed
suse enterprise sap 12 SP3	1.6.2-2.10.3 fixed
suse enterprise sap 12 SP4	1.6.2-2.10.3 fixed
suse enterprise sap 12 SP5	1.6.2-2.10.3 fixed
suse enterprise server 12 SP1	1.6.1-2.4.21 fixed
suse enterprise server 12 SP2	1.6.1-2.4.21 fixed
suse enterprise server 12 SP3	1.6.2-2.10.3 fixed
suse enterprise server 12 SP4	1.6.2-2.10.3 fixed
suse enterprise server 12 SP5	1.6.2-2.10.3 fixed
suse enterprise workstation 12 SP1	1.6.1-2.4.21 fixed
suse enterprise workstation 12 SP2	1.6.1-2.4.21 fixed
suse enterprise workstation 12 SP3	1.6.2-2.10.3 fixed
suse enterprise workstation 12 SP4	1.6.2-2.10.3 fixed
suse enterprise workstation 12 SP5	1.6.2-2.10.3 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

icedtea-web

RHEL 6

0:1.2.3-2.el6_4

fixed

icedtea-web-javadoc

RHEL 6

0:1.2.3-2.el6_4

fixed

References

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e

http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html

http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html

http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html

http://osvdb.org/92544

http://rhn.redhat.com/errata/RHSA-2013-0753.html

http://secunia.com/advisories/53109

http://secunia.com/advisories/53117

http://www.mandriva.com/security/advisories?name=MDVSA-2013:146

http://www.securityfocus.com/bid/59286

http://www.ubuntu.com/usn/USN-1804-1

https://bugzilla.redhat.com/show_bug.cgi?id=884705

https://exchange.xforce.ibmcloud.com/vulnerabilities/83640

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS

http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e

http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html

http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html

http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html

http://osvdb.org/92544

http://rhn.redhat.com/errata/RHSA-2013-0753.html

http://secunia.com/advisories/53109

http://secunia.com/advisories/53117

http://www.mandriva.com/security/advisories?name=MDVSA-2013:146

http://www.securityfocus.com/bid/59286

http://www.ubuntu.com/usn/USN-1804-1

https://bugzilla.redhat.com/show_bug.cgi?id=884705

https://exchange.xforce.ibmcloud.com/vulnerabilities/83640

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123