CVE-2015-5235

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: Oct 9, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-5235
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	22	22.x
fedoraproject / fedora	21	21.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_hpc_node	6	6.x
opensuse / opensuse	13.1	13.1.x
opensuse / opensuse	13.2	13.2.x
redhat / icedtea	1.6	1.6.x
redhat / icedtea	-	1.5.2.x

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html
http://rhn.redhat.com/errata/RHSA-2016-0778.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securitytracker.com/id/1033780
http://www.ubuntu.com/usn/USN-2817-1
https://bugzilla.redhat.com/show_bug.cgi?id=1233697

Vulnerability Database

289,697

CVE-2015-5235