CVE-2015-5235

high

Description

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

References

Advisories
More

http://rhn.redhat.com/errata/RHSA-2016-0778.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html

https://bugzilla.redhat.com/show_bug.cgi?id=1233697

http://www.ubuntu.com/usn/USN-2817-1

http://www.securitytracker.com/id/1033780

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html

Details

Source: Mitre, NVD

Published: 2015-10-09

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00621

Detections

Analytics