QwikSec

Security Database

CVE

CWE

Training

CVE-2015-5234

Published: Oct 9, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2015:1595

vendor-advisory

x_refsource_SUSE

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

x_refsource_CONFIRM

FEDORA-2015-15676

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_SECTRACK

[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

FEDORA-2015-15677

vendor-advisory

x_refsource_FEDORA

https://bugzilla.redhat.com/show_bug.cgi?id=1233667

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.