CVE-2015-5235 Information

Feb 14, 2021 cve

Description

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html http://rhn.redhat.com/errata/RHSA-2016-0778.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1033780 http://www.ubuntu.com/usn/USN-2817-1 https://bugzilla.redhat.com/show_bug.cgi?id=1233697

Share on: