PT-2015-6809 · Oracle+4 · Icedtea-Web+4

Andrea Palazzo

Publicado

2015-09-15

Atualizado

2018-10-30

CVE-2015-5234

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IcedTea-Web versions prior to 1.5.3 IcedTea-Web versions 1.6.x prior to 1.6.1

Description The issue allows remote attackers to inject applets into the .appletTrustSettings configuration file, bypassing user approval to execute the applet via a crafted web page. This is possibly related to line breaks in applet URLs, which are not properly sanitized.

Recommendations For IcedTea-Web versions prior to 1.5.3, update to version 1.5.3 or later. For IcedTea-Web versions 1.6.x prior to 1.6.1, update to version 1.6.1 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CESA-2016_0778

CVE-2015-5234

MGASA-2015-0376

OPENSUSE-SU-2015_1595-1

OPENSUSE-SU-2024:10316-1

RHSA-2016:0778

RHSA-2016_0778

SUSE-SU-2015:1682-1

SUSE-SU-2015:1689-1

SUSE-SU-2015_1682-1

SUSE-SU-2015_1689-1

USN-2817-1

Produtos afetados

Centos

Icedtea-Web

Red Hat

Suse

Ubuntu

PT-2015-6809 · Oracle+4 · Icedtea-Web+4

CVE-2015-5234

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 51