CVE-2015-5235

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-10-09 14:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-5235

Mitre link : CVE-2015-5235

CVE.ORG link : CVE-2015-5235


JSON object : View

Products Affected

redhat

  • enterprise_linux_hpc_node
  • icedtea
  • enterprise_linux_workstation
  • enterprise_linux_server
  • enterprise_linux_desktop

opensuse

  • opensuse

fedoraproject

  • fedora
CWE
CWE-20

Improper Input Validation