IcedTea-Web prior to 1.5.3 and 1.6.x prior to 1.6.1 does not properly sanitize applet URLs, which allows remote malicious users to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
Vulnerable Product |
---|
redhat enterprise linux workstation 6.0 |
redhat enterprise linux desktop 6.0 |
redhat enterprise linux hpc node 6.0 |
redhat enterprise linux server 6.0 |
opensuse opensuse 13.1 |
opensuse opensuse 13.2 |
redhat icedtea |
redhat icedtea 1.6 |
fedoraproject fedora 22 |
fedoraproject fedora 21 |