Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-5234HistoryOct 09, 2015 - 2:59 p.m.
CVE-2015-5234
2015-10-0914:59:01
Debian Security Bug Tracker
security-tracker.debian.org
8
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.3%
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | icedtea-web | < 1.6.1-1 | icedtea-web_1.6.1-1_all.deb |
| Debian | 11 | all | icedtea-web | < 1.6.1-1 | icedtea-web_1.6.1-1_all.deb |
| Debian | 10 | all | icedtea-web | < 1.6.1-1 | icedtea-web_1.6.1-1_all.deb |
| Debian | 999 | all | icedtea-web | < 1.6.1-1 | icedtea-web_1.6.1-1_all.deb |
| Debian | 13 | all | icedtea-web | < 1.6.1-1 | icedtea-web_1.6.1-1_all.deb |
Related
nvd
nvd
CVE-2015-5234
2015-10-09 14:59:01
cve
cve
CVE-2015-5234
2015-10-09 14:59:01
prion
prion
Privilege escalation
2015-10-09 14:59:00
cvelist
cvelist
CVE-2015-5234
2015-10-09 14:00:00
ubuntucve
ubuntucve
CVE-2015-5234
2015-10-09 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 09:11:15
nessus
nessus
Fedora 22 : icedtea-web-1.6.1-1.fc22 (2015-15676)
2015-09-22 00:00:00
Ubuntu 14.04 LTS : IcedTea Web vulnerabilities (USN-2817-1)
2015-11-25 00:00:00
Oracle Linux 6 : icedtea-web (ELSA-2016-0778)
2016-05-16 00:00:00
archlinux
archlinux
icedtea-web: multiple issues
2015-09-14 00:00:00
oraclelinux
oraclelinux
icedtea-web security, bug fix, and enhancement update
2016-05-12 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0376)
2015-10-15 00:00:00
Ubuntu: Security Advisory (USN-2817-1)
2015-11-25 00:00:00
RedHat Update for icedtea-web RHSA-2016:0778-01
2016-05-11 00:00:00
centos
centos
icedtea security update
2016-05-16 10:15:12
mageia
mageia
Updated icedtea-web packages fix security vulnerabilities
2015-09-17 21:02:40
ubuntu
ubuntu
IcedTea Web vulnerabilities
2015-11-24 00:00:00
redhat
redhat
suse
suse
Security update for icedtea-web (important)
2015-09-22 11:10:12
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.3%
Related for DEBIANCVE:CVE-2015-5234