VIR Vulnerability Intelligence Relay

CVE-2013-6493

low
Published 2014-03-03 · Modified 2026-04-29
CVSS v3
VIR risk
2.1

Description

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed1.4.2-1
debian debianbullseyefixed1.4.2-1
debian debianforkyfixed1.4.2-1
debian debiansidfixed1.4.2-1
debian debiantrixiefixed1.4.2-1

Application impact
VendorProductVersionsFixed
redhat redhaticedtea-web{"endIncluding":"1.3.2"}
redhat redhaticedtea-web1.0.1
redhat redhaticedtea-web1.0.2
redhat redhaticedtea-web1.0.3
redhat redhaticedtea-web1.0.4
redhat redhaticedtea-web1.0.5
redhat redhaticedtea-web1.0.6
redhat redhaticedtea-web1.1
redhat redhaticedtea-web1.1.1
redhat redhaticedtea-web1.1.2
redhat redhaticedtea-web1.1.3
redhat redhaticedtea-web1.1.4
redhat redhaticedtea-web1.1.5
redhat redhaticedtea-web1.1.6
redhat redhaticedtea-web1.1.7
redhat redhaticedtea-web1.2
redhat redhaticedtea-web1.2.1
redhat redhaticedtea-web1.2.2
redhat redhaticedtea-web1.3
redhat redhaticedtea-web1.3.1

References

CWEs

CWE-200

💬 Discuss CVE-2013-6493 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.