cvedb.io
CVE-2015-5234
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2015-10-09T14:59:01.843 · Last modified 2026-06-17T00:28:43.567

Summary

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Affected products

redhat — enterprise_linux_desktop

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.