CVE-2015-5234
N/A
N/A
Summary
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.ubuntu.com/usn/USN-2817-1
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html
- http://www.securitytracker.com/id/1033780
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html
- http://rhn.redhat.com/errata/RHSA-2016-0778.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1233667
References
- http://www.ubuntu.com/usn/USN-2817-1
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html
- http://www.securitytracker.com/id/1033780
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html
- http://rhn.redhat.com/errata/RHSA-2016-0778.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1233667
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.