CVE-2015-5236 Vulnerability Details


CVE-2015-5236 Metadata Quick Info

CVE Published: 07/07/2022 | CVE Updated: 06/08/2024 | CVE Year: 2015
Source: redhat | Vendor: n/a | Product: Icedtea-web
Status: PUBLISHED

CVE-2015-5236 Description

It was discovered that IcedTea-Web used the codebase attribute of the `<applet>` tag on the HTML page that hosts a Java applet in its Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed a malicious site to bypass SOP via a spoofed codebase value.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-345
CWE Name: CWE-345
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).