Vulnerability Description
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 21 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Hpc Node | 6 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Opensuse | Opensuse | 13.1 |
| Redhat | Icedtea | <= 1.5.2 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120. (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130. (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html (Third Party Advisory)
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html (Patch)
- http://rhn.redhat.com/errata/RHSA-2016-0778.html (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.h
- http://www.securitytracker.com/id/1033780
- http://www.ubuntu.com/usn/USN-2817-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1233697 (Issue Tracking)
FAQ
What is CVE-2015-5235?
CVE-2015-5235 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving a...
How severe is CVE-2015-5235?
CVE-2015-5235 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2015-5235?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.