CVE-2015-5234
PUBLISHED
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
Risk Scores
EPSS Score: 0.92% (76.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | icedtea-web | 0, 1.4-3ubuntu2, 1.4.1-1ubuntu1 |
Timeline
- Oct 9, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-5234 third-party-advisory
- https://ubuntu.com/security/notices/USN-2817-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-5234 third-party-advisory