CVE-2015-5235

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*

History

21 Nov 2024, 02:32

Type Values Removed Values Added
References () http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html - Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html - Third Party Advisory
References () http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html - Patch () http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html - Patch
References () http://rhn.redhat.com/errata/RHSA-2016-0778.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2016-0778.html - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html - () http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html -
References () http://www.securitytracker.com/id/1033780 - () http://www.securitytracker.com/id/1033780 -
References () http://www.ubuntu.com/usn/USN-2817-1 - () http://www.ubuntu.com/usn/USN-2817-1 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=1233697 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=1233697 - Issue Tracking

Information

Published : 2015-10-09 14:59

Updated : 2024-11-21 02:32


NVD link : CVE-2015-5235

Mitre link : CVE-2015-5235

CVE.ORG link : CVE-2015-5235


JSON object : View

Products Affected

redhat

  • enterprise_linux_hpc_node
  • icedtea
  • enterprise_linux_workstation
  • enterprise_linux_server
  • enterprise_linux_desktop

opensuse

  • opensuse

fedoraproject

  • fedora
CWE
CWE-20

Improper Input Validation