{"id": "CVE-2015-5234", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-10-09T14:59:01.843", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0778.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1033780", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-2817-1", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233667", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": 
"CWE-20"}]}], "descriptions": [{"lang": "en", "value": "IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks."}, {"lang": "es", "value": "IcedTea-Web en versiones anteriores a 1.5.3 y 1.6.x anterior a 1.6.1 no limpia correctamente URLs de applet, lo que permite a atacantes remotos inyectar applets en el archivo de configuraci\u00f3n .appletTrustSettings y eludir la aprobaci\u00f3n del usuario para ejecutar la applet a trav\u00e9s de una p\u00e1gina web manipulada, probablemente relacionada con el salto de l\u00ednea."}], "lastModified": "2018-10-30T16:27:35.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*", "vulnerable": true, 
"matchCriteriaId": "BDB43F31-4C43-4E80-8B2A-66A8502FCA11", "versionEndIncluding": "1.5.2"}, {"criteria": "cpe:2.3:a:redhat:icedtea:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28570EF8-C777-4AA9-BD96-ADA1D4B09B91"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}