CVE-2015-5235
Summary
| CVE | CVE-2015-5235 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-10-09 14:59:00 UTC |
| Updated | 2018-10-30 16:27:00 UTC |
| Description | IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 21 | All | All | All |
| Operating System | Fedoraproject | Fedora | 22 | All | All | All |
| Operating System | Fedoraproject | Fedora | 21 | All | All | All |
| Operating System | Fedoraproject | Fedora | 22 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Hpc Node | 6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Hpc Node | 6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Application | Redhat | Icedtea | 1.6 | All | All | All |
| Application | Redhat | Icedtea | 1.6 | All | All | All |
| Application | Redhat | Icedtea | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [SECURITY] Fedora 21 Update: icedtea-web-1.6.1-1.fc21 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| IcedTea-Web Validation Flaws Let Remote Users Execute Arbitrary Applets - SecurityTracker | SECTRACK | www.securitytracker.com | |
| USN-2817-1: IcedTea Web vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| Oracle Linux Bulletin - April 2016 | CONFIRM | www.oracle.com | |
| IcedTea-Web 1.6.1 and 1.5.3 released | MLIST | mail.openjdk.java.net | Patch |
| [SECURITY] Fedora 22 Update: icedtea-web-1.6.1-1.fc22 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| 1233697 – (CVE-2015-5235) CVE-2015-5235 icedtea-web: applet origin spoofing | CONFIRM | bugzilla.redhat.com | Issue Tracking |
| [security-announce] openSUSE-SU-2015:1595-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.