Home

CVE-2015-5234

Description

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Risk Information

Base Score
8.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.92

Associated Vulnerability

VulnerabilityOS Platform
A web browser plugin to execute Java applets (USN-2817-1) icedtea-6-plugin_1.5.3-0ubuntu0.14.04.1_i386.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-6-plugin_1.5.3-0ubuntu0.14.04.1_amd64.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.3-0ubuntu0.14.04.1_i386.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.3-0ubuntu0.14.04.1_amd64.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.3-0ubuntu0.15.04.1_i386.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.3-0ubuntu0.15.04.1_amd64.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.2-1ubuntu2_i386.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.2-1ubuntu2_amd64.debLinux
(RHSA-2016:0778) Moderate: icedtea-web security, bug fix, and enhancement update icedtea-web-1.6.2-1.el6.i686.rpmLinux
(RHSA-2016:0778) Moderate: icedtea-web security, bug fix, and enhancement update icedtea-web-1.6.2-1.el6.x86_64.rpmLinux
(RHSA-2016:0778) Moderate: icedtea-web security, bug fix, and enhancement update icedtea-web-javadoc-1.6.2-1.el6.noarch.rpmLinux
SUSE-SU-2015:1682-1(SUSE Linux Enterprise Desktop 12 ) java-1_7_0-openjdk-plugin-1.6.1-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:1682-1(SUSE Linux Enterprise Desktop 12 ) java-1_7_0-openjdk-plugin-debuginfo-1.6.1-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:1682-1(SUSE Linux Enterprise Desktop 12 ) java-1_7_0-openjdk-plugin-debugsource-1.6.1-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:1689-1(SUSE Linux Enterprise Desktop 11-SP4 ) icedtea-web-1.5.3-0.9.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234