CVE-2015-5235: Input Validation
First published: Fri Jun 19 2015(Updated: )
Andrea Palazzo reported the following problem affecting IcedTea-Web: """ When requesting authorization to run an unsigned applet, a warning message is prompted, indicating the domain from which the applet's code is being requested. It is possible to tamper with this value just supplying an arbitrary value as codebase. This issue could be exploited to abuse the eventual presence of whitelisted domains in the victim config (something like A 1434665367633 .* \Qhttp://trusted-site/\E) to gain unauthorized execution or to trick the user into allowing an application leveraging on the trust he could have for a well known domain. """ Acknowledgement: Name: Andrea Palazzo (Truel IT)
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea-web | <1.5.3 | 1.5.3 |
| redhat/icedtea-web | <1.6.1 | 1.6.1 |
| Fedora | =21 | |
| Fedora | =22 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux HPC Node | =6 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| SUSE Linux | =13.1 | |
| SUSE Linux | =13.2 | |
| Red Hat IcedTea | <=1.5.2 | |
| Red Hat IcedTea | =1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#app_library
- https://bugzilla.redhat.com/attachment.cgi?id=1064644
- http://icedtea.classpath.org/hg/icedtea-web/rev/531034ce3e30
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1233697#c12
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1042634&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1042634&action=edit
- http://icedtea.classpath.org/hg/icedtea-web/rev/ee5e2cb91774
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1259311
- http://icedtea.classpath.org/hg/icedtea-web/rev/5ddfe3e389ab
- https://rhn.redhat.com/errata/RHBA-2015-2457.html
- https://rhn.redhat.com/errata/RHSA-2016-0778.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1233697
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html
- http://rhn.redhat.com/errata/RHSA-2016-0778.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securitytracker.com/id/1033780
- http://www.ubuntu.com/usn/USN-2817-1
Frequently Asked Questions
What is the severity of CVE-2015-5235?
CVE-2015-5235 has a moderate severity level due to the potential for warning message spoofing when running unsigned applets.
How do I fix CVE-2015-5235?
To fix CVE-2015-5235, update IcedTea-Web to version 1.6.1 or later.
What versions of IcedTea-Web are affected by CVE-2015-5235?
Versions of IcedTea-Web prior to 1.6.1 are affected by CVE-2015-5235.
What should I be aware of when running unsigned applets related to CVE-2015-5235?
When running unsigned applets, be cautious of potential spoofing of authorization warning messages due to CVE-2015-5235.
Is there any public exposure for CVE-2015-5235?
Yes, CVE-2015-5235 could potentially allow an attacker to manipulate warning messages shown to users.
- agent/first-publish-date
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/type
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5235
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/fedoraproject
- canonical/fedora
- version/fedora/21
- version/fedora/22
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux hpc node
- version/red hat enterprise linux hpc node/6
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/13.1
- version/suse linux/13.2
- canonical/red hat icedtea
- version/red hat icedtea/1.5.2
- version/red hat icedtea/1.6