[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-5234Date: (C)2015-10-09   (M)2023-12-22


IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1033780
FEDORA-2015-15676
FEDORA-2015-15677
RHSA-2016:0778
USN-2817-1
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://bugzilla.redhat.com/show_bug.cgi?id=1233667
openSUSE-SU-2015:1595

CPE    7
cpe:/o:opensuse:opensuse:13.1
cpe:/o:redhat:enterprise_linux_hpc_node:6.0
cpe:/o:fedoraproject:fedora:21
cpe:/o:fedoraproject:fedora:22
...
CWE    1
CWE-20
OVAL    5
oval:org.secpod.oval:def:702859
oval:org.secpod.oval:def:204120
oval:org.secpod.oval:def:52634
oval:org.secpod.oval:def:1501464
...

© SecPod Technologies