Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-5234

Опубликовано: 09 окт. 2015
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*
Версия до 1.5.2 (включая)
cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

EPSS

Процентиль: 75%
0.0092
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2015-5234

ubuntu
почти 10 лет назад

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

redhat логотип

CVE-2015-5234

redhat
около 10 лет назад

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

debian логотип

CVE-2015-5234

debian
почти 10 лет назад

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sani ...

github логотип

GHSA-vjh2-cm2h-354g

github
больше 3 лет назад

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

suse-cvrf логотип

SUSE-SU-2015:1689-1

suse-cvrf
почти 10 лет назад

Security update for icedtea-web

EPSS

Процентиль: 75%
0.0092
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-20