Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value.
CVSS Information
N/A
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
icedtea-web 数据伪造问题漏洞
Vulnerability Description
icedtea-web是一款JSR-56(Java网络启动协议和API)的开源实现。 icedtea-web 存在数据伪造问题漏洞,该漏洞源于在执行相同来源检查时未正确确定小程序的来源。攻击者可利用该漏洞绕过同源策略(SOP),并使用小程序的codebase属性的伪造值访问无关站点上的数据。
CVSS Information
N/A
Vulnerability Type
N/A