Follow @discotekdotca
CVE-2015-5235
Current Description
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
Basic Data
| Published | October 09, 2015 |
|---|---|
| Last Modified | October 30, 2018 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-20 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | MEDIUM |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | NONE |
| CVSS 2 - Availability Impact | NONE |
| CVSS 2 - Base Score | 4.3 |
| Severity | MEDIUM |
| Exploitability Score | 8.6 |
| Impact Score | 2.9 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Fedoraproject Fedora 21 * * * * * * * � � � � 2.3 OS Fedoraproject Fedora 22 * * * * * * * � � � � -
OR - Configuration 2
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Redhat Enterprise Linux Desktop 6.0 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Hpc Node 6 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Server 6.0 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Workstation 6.0 * * * * * * * � � � � -
OR - Configuration 3
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Opensuse Opensuse 13.1 * * * * * * * � � � � 2.3 OS Opensuse Opensuse 13.2 * * * * * * * � � � � -
OR - Configuration 4
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Redhat Icedtea * * * * * * * * � 1.5.2 � � 2.3 Application Redhat Icedtea 1.6 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux Workstation | 6.0 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Icedtea | *, 1.6 |
| Redhat | Enterprise Linux Hpc Node | 6 |
| Redhat | Enterprise Linux Server | 6.0 |
| Opensuse | Opensuse | 13.1, 13.2 |
| Fedoraproject | Fedora | 21, 22 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| FEDORA-2015-15676 | http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html | FEDORA | Third Party Advisory |
| FEDORA-2015-15677 | http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html | FEDORA | Third Party Advisory |
| openSUSE-SU-2015:1595 | http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html | SUSE | Third Party Advisory |
| [distro-pkg-dev] 20150911 IcedTea-Web 1.6.1 and 1.5.3 released | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html | MLIST | Patch |
| RHSA-2016:0778 | http://rhn.redhat.com/errata/RHSA-2016-0778.html | REDHAT | Third Party Advisory |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM | |
| 1033780 | http://www.securitytracker.com/id/1033780 | SECTRACK | |
| USN-2817-1 | http://www.ubuntu.com/usn/USN-2817-1 | UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1233697 | https://bugzilla.redhat.com/show_bug.cgi?id=1233697 | CONFIRM | Issue Tracking |