CVE-2015-5235

Published: Oct 9, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

USN-2817-1

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2015:1595

vendor-advisory

x_refsource_SUSE

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1233697

x_refsource_CONFIRM

FEDORA-2015-15676

vendor-advisory

x_refsource_FEDORA

1033780

vdb-entry

x_refsource_SECTRACK

[distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released

mailing-list

x_refsource_MLIST

RHSA-2016:0778

vendor-advisory

x_refsource_REDHAT

FEDORA-2015-15677

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-5235

Description

Affected Products

References