Lucene search
Ubuntu.comUB:CVE-2015-5234HistoryOct 09, 2015 - 12:00 a.m.
CVE-2015-5234
2015-10-0900:00:00
ubuntu.com
ubuntu.com
5
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.3%
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize
applet URLs, which allows remote attackers to inject applets into the
.appletTrustSettings configuration file and bypass user approval to execute
the applet via a crafted web page, possibly related to line breaks.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798467>
- <https://bugzilla.redhat.com/show_bug.cgi?id=1233667>
Notes
| Author | Note |
|---|---|
| mdeslaur | extended applets security was introduced in icedtea-web 1.4 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 14.04 | noarch | icedtea-web | < 1.5.3-0ubuntu0.14.04.1 | UNKNOWN |
| ubuntu | 15.04 | noarch | icedtea-web | < 1.5.3-0ubuntu0.15.04.1 | UNKNOWN |
| ubuntu | 15.10 | noarch | icedtea-web | < 1.5.3-0ubuntu0.15.10.1 | UNKNOWN |
Related
cve
cve
CVE-2015-5234
2015-10-09 14:59:01
nvd
nvd
CVE-2015-5234
2015-10-09 14:59:01
debiancve
debiancve
CVE-2015-5234
2015-10-09 14:59:01
prion
prion
Privilege escalation
2015-10-09 14:59:00
cvelist
cvelist
CVE-2015-5234
2015-10-09 14:00:00
veracode
veracode
Authorization Bypass
2019-01-15 09:11:15
oraclelinux
oraclelinux
icedtea-web security, bug fix, and enhancement update
2016-05-12 00:00:00
nessus
nessus
Oracle Linux 6 : icedtea-web (ELSA-2016-0778)
2016-05-16 00:00:00
Fedora 22 : icedtea-web-1.6.1-1.fc22 (2015-15676)
2015-09-22 00:00:00
Ubuntu 14.04 LTS : IcedTea Web vulnerabilities (USN-2817-1)
2015-11-25 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0376)
2015-10-15 00:00:00
Ubuntu: Security Advisory (USN-2817-1)
2015-11-25 00:00:00
RedHat Update for icedtea-web RHSA-2016:0778-01
2016-05-11 00:00:00
centos
centos
icedtea security update
2016-05-16 10:15:12
archlinux
archlinux
icedtea-web: multiple issues
2015-09-14 00:00:00
ubuntu
ubuntu
IcedTea Web vulnerabilities
2015-11-24 00:00:00
mageia
mageia
Updated icedtea-web packages fix security vulnerabilities
2015-09-17 21:02:40
redhat
redhat
suse
suse
Security update for icedtea-web (important)
2015-09-22 11:10:12
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.3%
Related for UB:CVE-2015-5234