CVE-2015-5236
First published: Mon Aug 24 2015(Updated: )
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value. Note that for Java applets, origin used for SOP checks is the site from which applet was loaded, not the site hosting the page embedding applet: <a href="https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_Java">https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_Java</a> Acknowledgement: This issue was discovered by Red Hat Product Security.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| icedtea-web |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_Java
- http://icedtea.classpath.org/hg/icedtea-web/annotate/d700c395b040/netx/net/sourceforge/jnlp/SecurityDesc.java#380
- http://icedtea.classpath.org/hg/icedtea-web/file/d2bebf24c3ef/netx/net/sourceforge/jnlp/SecurityDesc.java
- http://icedtea.classpath.org/hg/icedtea-web/file/d2bebf24c3ef/netx/net/sourceforge/jnlp/SecurityDesc.java#l344
- http://icedtea.classpath.org/hg/icedtea-web/annotate/d700c395b040/netx/net/sourceforge/jnlp/SecurityDesc.java#l413
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c2
- http://icedtea.classpath.org/hg/icedtea-web/rev/d700c395b040
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028609.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c4
- http://icedtea.classpath.org/hg/icedtea-web/file/d2bebf24c3ef/netx/net/sourceforge/jnlp/SecurityDesc.java#l345
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028514.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c5
- http://example.com
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c6
- http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2472
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1256403#c9
- https://bugzilla.redhat.com/show_bug.cgi?id=1256403
Frequently Asked Questions
What is the severity of CVE-2015-5236?
CVE-2015-5236 has a medium severity level due to its ability to bypass the Same Origin Policy.
How do I fix CVE-2015-5236?
To fix CVE-2015-5236, update IcedTea-Web to the latest version that addresses this vulnerability.
What systems are affected by CVE-2015-5236?
CVE-2015-5236 affects IcedTea-Web across all versions prior to the patches.
Can CVE-2015-5236 lead to a security breach?
Yes, CVE-2015-5236 can allow attackers to execute unauthorized operations on behalf of the user, potentially leading to a security breach.
What are the implications of CVE-2015-5236?
The implications of CVE-2015-5236 include increased risk of cross-site scripting attacks as the Same Origin Policy is bypassed.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5236
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/icedtea-web project
- canonical/icedtea-web