Home

CVE-2015-5235

Description

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.938

Associated Vulnerability

VulnerabilityOS Platform
A web browser plugin to execute Java applets (USN-2817-1) icedtea-6-plugin_1.5.3-0ubuntu0.14.04.1_i386.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-6-plugin_1.5.3-0ubuntu0.14.04.1_amd64.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.3-0ubuntu0.14.04.1_i386.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.3-0ubuntu0.14.04.1_amd64.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.3-0ubuntu0.15.04.1_i386.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.3-0ubuntu0.15.04.1_amd64.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.2-1ubuntu2_i386.debLinux
A web browser plugin to execute Java applets (USN-2817-1) icedtea-7-plugin_1.5.2-1ubuntu2_amd64.debLinux
(RHSA-2016:0778) Moderate: icedtea-web security, bug fix, and enhancement update icedtea-web-1.6.2-1.el6.i686.rpmLinux
(RHSA-2016:0778) Moderate: icedtea-web security, bug fix, and enhancement update icedtea-web-1.6.2-1.el6.x86_64.rpmLinux
(RHSA-2016:0778) Moderate: icedtea-web security, bug fix, and enhancement update icedtea-web-javadoc-1.6.2-1.el6.noarch.rpmLinux
SUSE-SU-2015:1682-1(SUSE Linux Enterprise Desktop 12 ) java-1_7_0-openjdk-plugin-1.6.1-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:1682-1(SUSE Linux Enterprise Desktop 12 ) java-1_7_0-openjdk-plugin-debuginfo-1.6.1-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:1682-1(SUSE Linux Enterprise Desktop 12 ) java-1_7_0-openjdk-plugin-debugsource-1.6.1-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:1689-1(SUSE Linux Enterprise Desktop 11-SP4 ) icedtea-web-1.5.3-0.9.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234