CVE-2015-5235

2015-10-0914:59:05

CWE-20

redhat

web.nvd.nist.gov

cve-2015-5235

icedtea-web

remote attackers

approval process

web security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

74.5%

JSON

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Affected configurations

Nvd

Node

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_hpc_nodeMatch6

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

redhaticedteaRange≤1.5.2

redhaticedteaMatch1.6

VendorProductVersionCPE
fedoraprojectfedora21cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
fedoraprojectfedora22cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_hpc_node6cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_workstation6.0cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
redhaticedtea*cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*
redhaticedtea1.6cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fedoraproject	fedora	21	cpe:2.3:o:fedoraproject:fedora:21:::::::*
fedoraproject	fedora	22	cpe:2.3:o:fedoraproject:fedora:22:::::::*
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
redhat	enterprise_linux_hpc_node	6	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
redhat	enterprise_linux_workstation	6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
redhat	icedtea	*	cpe:2.3:a:redhat:icedtea::::::::
redhat	icedtea	1.6	cpe:2.3:a:redhat:icedtea:1.6:::::::*