Home > Vulnerability Database > CVE-2015-5234

Mend.io Vulnerability Database

CVE-2015-5234

Date: October 9, 2015

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Severity Score

5.6

Related Resources (12)

Url: https://access.redhat.com/security/cve/CVE-2015-5234

Url: http://www.ubuntu.com/usn/USN-2817-1

Url: http://www.securitytracker.com/id/1033780

Url: http://rhn.redhat.com/errata/RHSA-2016-0778.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-5234

Url: http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html

Url: http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1233667

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html

Url: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-5234

Severity Score

5.6

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-5234

Date: October 9, 2015

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?