Lucene search

K

RedhatCVELIST:CVE-2015-5234

HistoryOct 09, 2015 - 2:00 p.m.

CVE-2015-5234

2015-10-0914:00:00

redhat

www.cve.org

6.6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

References

lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html

rhn.redhat.com/errata/RHSA-2016-0778.html

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securitytracker.com/id/1033780

www.ubuntu.com/usn/USN-2817-1

bugzilla.redhat.com/show_bug.cgi?id=1233667

6.6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

Related for CVELIST:CVE-2015-5234

cve1 nvd1 debiancve1 prion1 ubuntucve1 veracode1 oraclelinux1 nessus10 openvas4 centos1 archlinux1 ubuntu1 mageia1 redhat1 suse1