VDB
CVE-2015-5236
CVE-2015-5236
PUBLISHED
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value.
EPSS 0.12% · 31.1th percentile
Risk Scores
EPSS Score
0.12%
31.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | icedtea-web | 1.6.2-3.1ubuntu3, 1.8-0ubuntu8~18.04, 0 |
| Ubuntu:24.04:LTS | icedtea-web | 1.8.8-2, 0, 1.8.8-2ubuntu1 |
| Ubuntu:16.04:LTS | icedtea-web | 1.6.1-4ubuntu1, 1.6.2-1ubuntu1, 1.6.2-3ubuntu1 |
| Ubuntu:25.10 | icedtea-web | 1.8.8-3, 0 |
| Ubuntu:20.04:LTS | icedtea-web | 0, 1.8-0ubuntu8 |
| Ubuntu:22.04:LTS | icedtea-web | 1.8.4-1build1, 0 |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=1256403 (vulncheck-nvd)
Timeline
- Jul 7, 2022 CVE Published
- Jul 8, 2022 EPSS Score
- Jul 16, 2022 CVE Updated
- Aug 25, 2022 EPSS Score
- Oct 12, 2022 EPSS Score
- Nov 28, 2022 EPSS Score
- Jan 14, 2023 EPSS Score
- Mar 3, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 19, 2023 EPSS Score
- Jun 5, 2023 EPSS Score
- Jul 22, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-5236 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1256403 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-5236 third-party-advisory