CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5234

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.9%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2015-5234

Redhat » Icedtea » Version: 1.0

cpe:2.3:a:redhat:icedtea:1.0
Redhat » Icedtea » Version: 1.1

cpe:2.3:a:redhat:icedtea:1.1
Redhat » Icedtea » Version: 1.2

cpe:2.3:a:redhat:icedtea:1.2
Redhat » Icedtea » Version: 1.3

cpe:2.3:a:redhat:icedtea:1.3
Redhat » Icedtea » Version: 1.4

cpe:2.3:a:redhat:icedtea:1.4
Redhat » Icedtea » Version: 1.5

cpe:2.3:a:redhat:icedtea:1.5
Redhat » Icedtea » Version: 1.5.2

cpe:2.3:a:redhat:icedtea:1.5.2
Redhat » Icedtea » Version: 1.6

cpe:2.3:a:redhat:icedtea:1.6
Fedoraproject » Fedora » Version: 21

cpe:2.3:o:fedoraproject:fedora:21
Fedoraproject » Fedora » Version: 22

cpe:2.3:o:fedoraproject:fedora:22
Opensuse » Opensuse » Version: 13.1

cpe:2.3:o:opensuse:opensuse:13.1
Opensuse » Opensuse » Version: 13.2

cpe:2.3:o:opensuse:opensuse:13.2
Redhat » Enterprise Linux Desktop » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
Redhat » Enterprise Linux Hpc Node » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0
Redhat » Enterprise Linux Server » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0
Redhat » Enterprise Linux Workstation » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5234

Products

Pricing

Contact Us