CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5235

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.0%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2015-5235

Redhat » Icedtea » Version: 1.0

cpe:2.3:a:redhat:icedtea:1.0
Redhat » Icedtea » Version: 1.1

cpe:2.3:a:redhat:icedtea:1.1
Redhat » Icedtea » Version: 1.2

cpe:2.3:a:redhat:icedtea:1.2
Redhat » Icedtea » Version: 1.3

cpe:2.3:a:redhat:icedtea:1.3
Redhat » Icedtea » Version: 1.4

cpe:2.3:a:redhat:icedtea:1.4
Redhat » Icedtea » Version: 1.5

cpe:2.3:a:redhat:icedtea:1.5
Redhat » Icedtea » Version: 1.5.2

cpe:2.3:a:redhat:icedtea:1.5.2
Redhat » Icedtea » Version: 1.6

cpe:2.3:a:redhat:icedtea:1.6
Fedoraproject » Fedora » Version: 21

cpe:2.3:o:fedoraproject:fedora:21
Fedoraproject » Fedora » Version: 22

cpe:2.3:o:fedoraproject:fedora:22
Opensuse » Opensuse » Version: 13.1

cpe:2.3:o:opensuse:opensuse:13.1
Opensuse » Opensuse » Version: 13.2

cpe:2.3:o:opensuse:opensuse:13.2
Redhat » Enterprise Linux Desktop » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
Redhat » Enterprise Linux Hpc Node » Version: 6

cpe:2.3:o:redhat:enterprise_linux_hpc_node:6
Redhat » Enterprise Linux Server » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0
Redhat » Enterprise Linux Workstation » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5235

Products

Pricing

Contact Us