Bug 944208 (CVE-2015-5235) - VUL-0: CVE-2015-5235: icedtea-web: applet origin spoofing
Summary: VUL-0: CVE-2015-5235: icedtea-web: applet origin spoofing
Status: RESOLVED FIXED
Alias: CVE-2015-5235
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/156225/
Whiteboard: CVSSv2:RedHat:CVE-2015-5235:4.3:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-02 15:41 UTC by Victor Pereira
Modified: 2016-04-27 19:45 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2015-09-02 15:41:55 UTC 
The following problem was reported by Andrea Palazzo and affects the package IcedTea-Web:

When requesting authorization to run an unsigned applet, a warning message is prompted, indicating the domain from which the applet's code is being requested. It is possible to tamper with this value just supplying an arbitrary value as codebase.  This issue could be exploited to abuse the eventual presence of whitelisted domains in the victim config (something like A 1434665367633 .* \Qhttp://trusted-site/\E) to gain unauthorized execution or to trick the user into allowing an application leveraging on the trust he could have for a well known domain.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1233697
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5235
Comment 1 Swamp Workflow Management 2015-09-02 22:00:37 UTC 
bugbot adjusting priority
Comment 2 Victor Pereira 2015-09-10 19:12:52 UTC 
fixes for 1.5 and 1.6 branch:

http://icedtea.classpath.org/hg/icedtea-web/rev/531034ce3e30
http://icedtea.classpath.org/hg/icedtea-web/rev/ee5e2cb91774



Are older branches as well affected?
Comment 3 Swamp Workflow Management 2015-09-22 09:10:56 UTC 
openSUSE-SU-2015:1595-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 755054,830880,944208,944209
CVE References: CVE-2012-4540,CVE-2015-5234,CVE-2015-5235
Sources used:
openSUSE 13.2 (src):    icedtea-web-1.6.1-6.1, java-1_7_0-openjdk-plugin-1.6.1-6.1, java-1_8_0-openjdk-plugin-1.6.1-6.2
openSUSE 13.1 (src):    icedtea-web-1.5.3-0.7.1
Comment 4 Fridrich Strba 2015-09-22 12:09:07 UTC 
Packages with fixes submitted. Closing.
Comment 7 Swamp Workflow Management 2015-10-05 17:09:44 UTC 
SUSE-SU-2015:1682-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 944208,944209
CVE References: CVE-2015-5234,CVE-2015-5235
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    java-1_7_0-openjdk-plugin-1.6.1-2.3.1
SUSE Linux Enterprise Desktop 12 (src):    java-1_7_0-openjdk-plugin-1.6.1-2.3.1
Comment 8 Swamp Workflow Management 2015-10-06 11:09:32 UTC 
SUSE-SU-2015:1689-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 944208,944209
CVE References: CVE-2015-5234,CVE-2015-5235
Sources used:
SUSE Linux Enterprise Desktop 11-SP4 (src):    icedtea-web-1.5.3-0.9.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    icedtea-web-1.5.3-0.9.1
Comment 9 Marcus Meissner 2015-12-17 14:01:01 UTC 
 released