Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:16915
HistoryMay 02, 2019 - 5:29 a.m.

Authorization Bypass

2019-05-0205:29:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5

0.004 Low

EPSS

Percentile

74.5%

icedtea-web is vulnerable to authorization bypass. It was discovered that IcedTea-Web did not properly determine an applet’s origin when asking the user if the applet should be run. A malicious page could use this flaw to cause IcedTea-Web to execute the applet without user approval, or confuse the user into approving applet execution based on an incorrectly indicated applet origin.

References