CVE-2015-5235

Опубликовано: 09 окт. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Ссылки

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
Third Party Advisory
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html
Patch
http://rhn.redhat.com/errata/RHSA-2016-0778.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securitytracker.com/id/1033780
http://www.ubuntu.com/usn/USN-2817-1
https://bugzilla.redhat.com/show_bug.cgi?id=1233697
Issue Tracking
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
Third Party Advisory
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html
Patch
http://rhn.redhat.com/errata/RHSA-2016-0778.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securitytracker.com/id/1033780
http://www.ubuntu.com/usn/USN-2817-1
https://bugzilla.redhat.com/show_bug.cgi?id=1233697
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*

Версия до 1.5.2 (включая)

cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00938

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2015-5235

ubuntu

почти 10 лет назад

CVE-2015-5235

redhat

около 10 лет назад

CVE-2015-5235

debian

почти 10 лет назад

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly dete ...

GHSA-c7wx-r8q7-fmcf

github

больше 3 лет назад

SUSE-SU-2015:1689-1

suse-cvrf

почти 10 лет назад

Security update for icedtea-web

EPSS

Процентиль: 75%

0.00938

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20