Lucene search
Ubuntu.comUB:CVE-2015-5235HistoryOct 09, 2015 - 12:00 a.m.
CVE-2015-5235
2015-10-0900:00:00
ubuntu.com
ubuntu.com
9
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.5%
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine
the origin of unsigned applets, which allows remote attackers to bypass the
approval process or trick users into approving applet execution via a
crafted web page.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798467>
- <https://bugzilla.redhat.com/show_bug.cgi?id=1233697>
Notes
| Author | Note |
|---|---|
| mdeslaur | extended applets security was introduced in icedtea-web 1.4 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 14.04 | noarch | icedtea-web | < 1.5.3-0ubuntu0.14.04.1 | UNKNOWN |
| ubuntu | 15.04 | noarch | icedtea-web | < 1.5.3-0ubuntu0.15.04.1 | UNKNOWN |
| ubuntu | 15.10 | noarch | icedtea-web | < 1.5.3-0ubuntu0.15.10.1 | UNKNOWN |
Related
veracode
veracode
Authorization Bypass
2019-05-02 05:29:34
cvelist
cvelist
CVE-2015-5235
2015-10-09 14:00:00
nvd
nvd
CVE-2015-5235
2015-10-09 14:59:05
cve
cve
CVE-2015-5235
2015-10-09 14:59:05
prion
prion
Authentication flaw
2015-10-09 14:59:00
debiancve
debiancve
CVE-2015-5235
2015-10-09 14:59:05
mageia
mageia
Updated icedtea-web packages fix security vulnerabilities
2015-09-17 21:02:40
ubuntu
ubuntu
IcedTea Web vulnerabilities
2015-11-24 00:00:00
nessus
nessus
Fedora 21 : icedtea-web-1.6.1-1.fc21 (2015-15677)
2015-09-22 00:00:00
Fedora 22 : icedtea-web-1.6.1-1.fc22 (2015-15676)
2015-09-22 00:00:00
Ubuntu 14.04 LTS : IcedTea Web vulnerabilities (USN-2817-1)
2015-11-25 00:00:00
archlinux
archlinux
icedtea-web: multiple issues
2015-09-14 00:00:00
oraclelinux
oraclelinux
icedtea-web security, bug fix, and enhancement update
2016-05-12 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0376)
2015-10-15 00:00:00
Ubuntu: Security Advisory (USN-2817-1)
2015-11-25 00:00:00
RedHat Update for icedtea-web RHSA-2016:0778-01
2016-05-11 00:00:00
centos
centos
icedtea security update
2016-05-16 10:15:12
redhat
redhat
suse
suse
Security update for icedtea-web (important)
2015-09-22 11:10:12
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.5%
Related for UB:CVE-2015-5235