CVE-2015-5236 is a vulnerability in Icedtea Webproject Icedtea Web
Published on July 7, 2022

It was discovered that IcedTea-Web used the codebase attribute of the <applet> tag on the HTML page that hosts a Java applet in its Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed a malicious site to bypass SOP via a spoofed codebase value.

NVD

Weakness Type

Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.


Products Associated with CVE-2015-5236


Exploit Probability

EPSS: 0.12%
Percentile: 31.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.