CVE-2015-5236
First published: Mon Aug 24 2015(Updated: )
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value. Note that for Java applets, origin used for SOP checks is the site from which applet was loaded, not the site hosting the page embedding applet: <a href="https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_Java">https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_Java</a> Acknowledgement: This issue was discovered by Red Hat Product Security.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Icedtea-web Project Icedtea-web |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_Java
- http://icedtea.classpath.org/hg/icedtea-web/annotate/d700c395b040/netx/net/sourceforge/jnlp/SecurityDesc.java#380
- http://icedtea.classpath.org/hg/icedtea-web/file/d2bebf24c3ef/netx/net/sourceforge/jnlp/SecurityDesc.java
- http://icedtea.classpath.org/hg/icedtea-web/file/d2bebf24c3ef/netx/net/sourceforge/jnlp/SecurityDesc.java#l344
- http://icedtea.classpath.org/hg/icedtea-web/annotate/d700c395b040/netx/net/sourceforge/jnlp/SecurityDesc.java#l413
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c2
- http://icedtea.classpath.org/hg/icedtea-web/rev/d700c395b040
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028609.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c4
- http://icedtea.classpath.org/hg/icedtea-web/file/d2bebf24c3ef/netx/net/sourceforge/jnlp/SecurityDesc.java#l345
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028514.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c5
- http://example.com
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c6
- http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2472
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c9
- https://bugzilla.redhat.com/show_bug.cgi?id=1256403
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/event
- agent/description
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5236
- vendor/icedtea-web project
- canonical/icedtea-web project icedtea-web