Privilege escalation

2015-10-0914:59:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

CPENameOperatorVersion
fedoraeq22
fedoraeq21
opensuseeq13.1
opensuseeq13.2
enterprise_linux_desktopeq6.0
enterprise_linux_hpc_nodeeq6.0
enterprise_linux_servereq6.0
enterprise_linux_workstationeq6.0
icedteaeq1.6
icedteale1.5.2

Name	Operator	Version
fedora	eq	22
fedora	eq	21
opensuse	eq	13.1
opensuse	eq	13.2
enterprise_linux_desktop	eq	6.0
enterprise_linux_hpc_node	eq	6.0
enterprise_linux_server	eq	6.0
enterprise_linux_workstation	eq	6.0
icedtea	eq	1.6
icedtea	le	1.5.2