CVE-2015-5235

Published: Oct 9, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Affected (10)

Products: Fedoraproject: Fedora · Redhat: Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server, Enterprise Linux Workstation, Icedtea · Opensuse: Opensuse

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Server

Enterprise Linux Workstation

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 21
Fedoraproject Fedora	Version 22

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Hpc Node	Version 6
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Icedtea	Up to 1.5.2
Redhat Icedtea	Version 1.6

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html

Source: secalert@redhat.com

Third Party Advisory

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html

Source: secalert@redhat.com

Patch

http://rhn.redhat.com/errata/RHSA-2016-0778.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: secalert@redhat.com

http://www.securitytracker.com/id/1033780

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2817-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1233697

Source: secalert@redhat.com

Issue Tracking

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://rhn.redhat.com/errata/RHSA-2016-0778.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1033780

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2817-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1233697

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.