IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
History
21 Nov 2024, 02:32
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html - Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html - Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html - Third Party Advisory | |
References | () http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html - Patch | |
References | () http://rhn.redhat.com/errata/RHSA-2016-0778.html - Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | |
References | () http://www.securitytracker.com/id/1033780 | |
References | () http://www.ubuntu.com/usn/USN-2817-1 | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1233697 - Issue Tracking | |
Information
Published : 2015-10-09 14:59
Updated : 2024-11-21 02:32
NVD link : CVE-2015-5235
Mitre link : CVE-2015-5235
CVE.ORG link : CVE-2015-5235
Products Affected
redhat
- enterprise_linux_hpc_node
- icedtea
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_desktop
opensuse
- opensuse
fedoraproject
- fedora
CWE
CWE-20
Improper Input Validation