Icedtea@1.6 Security Vulnerabilities and Issues — Icedtea@1.6 CVE List

Lucene search

RedhatIcedtea1.6

3 matches found

CVE•added 2015/10/09 2:59 p.m.•58 views

CVE-2015-5234

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

6.8CVSS6.8AI score0.0092EPSS

CVE•added 2015/10/09 2:59 p.m.•56 views

CVE-2015-5235

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

4.3CVSS6.5AI score0.00938EPSS

CVE•added 2010/12/08 8:0 p.m.•52 views

CVE-2010-3860

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensit...

5CVSS8.6AI score0.01534EPSS