Veracode Vulnerability DatabaseVERACODE:16915Authorization Bypass
0.004 Low
EPSS
Percentile
74.5%
icedtea-web is vulnerable to authorization bypass. It was discovered that IcedTea-Web did not properly determine an applet’s origin when asking the user if the applet should be run. A malicious page could use this flaw to cause IcedTea-Web to execute the applet without user approval, or confuse the user into approving applet execution based on an incorrectly indicated applet origin.
References
lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html
lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html
lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html
rhn.redhat.com/errata/RHSA-2016-0778.html
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
www.securitytracker.com/id/1033780
www.ubuntu.com/usn/USN-2817-1
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Release_Notes/index.html
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Technical_Notes/index.html
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1233697
bugzilla.redhat.com/show_bug.cgi?id=1299976
rhn.redhat.com/errata/RHSA-2016-0778.html
Related
