CVE-2015-5234

Published: Oct 9, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Affected (10)

Products: Redhat: Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server, Enterprise Linux Workstation, Icedtea · Opensuse: Opensuse · Fedoraproject: Fedora

5 products

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Server

Enterprise Linux Workstation

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Hpc Node	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Icedtea	Up to 1.5.2
Redhat Icedtea	Version 1.6

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 21
Fedoraproject Fedora	Version 22

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html

Source: secalert@redhat.com

Third Party Advisory

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html

Source: secalert@redhat.com

Patch

http://rhn.redhat.com/errata/RHSA-2016-0778.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: secalert@redhat.com

http://www.securitytracker.com/id/1033780

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2817-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1233667

Source: secalert@redhat.com

Issue Tracking

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://rhn.redhat.com/errata/RHSA-2016-0778.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1033780

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2817-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1233667

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.