ID CVE-2015-0459
Summary Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.
References
Vulnerable Configurations
  • Oracle JDK 1.5.0 Update 81
    cpe:2.3:a:oracle:jdk:1.5.0:update_81
  • Oracle JDK 1.6.0 Update 91
    cpe:2.3:a:oracle:jdk:1.6.0:update_91
  • Oracle JDK 1.7.0 Update 76
    cpe:2.3:a:oracle:jdk:1.7.0:update_76
  • Oracle JDK 1.8.0 Update 40
    cpe:2.3:a:oracle:jdk:1.8.0:update_40
  • Oracle JRE 1.5.0 Update 81
    cpe:2.3:a:oracle:jre:1.5.0:update_81
  • Oracle JRE 1.6.0 Update 91
    cpe:2.3:a:oracle:jre:1.6.0:update_91
  • Oracle JRE 1.7.0 Update 76
    cpe:2.3:a:oracle:jre:1.7.0:update_76
  • Oracle JRE 1.8.0 Update 40
    cpe:2.3:a:oracle:jre:1.8.0:update_40
  • Oracle JavaFX 2.2.76
    cpe:2.3:a:oracle:javafx:2.2.76
  • Novell SUSE Linux Enterprise Desktop 11.0 Service Pack 3
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 10.0 (as of 06-04-2016 - 12:16)
Impact:
Exploitability:
Access
Vector: NETWORK, Complexity: LOW, Authentication: NONE
Impact
Confidentiality: COMPLETE, Integrity: COMPLETE, Availability: COMPLETE
nessus via4
  • NASL family AIX Local Security Checks
    NASL id AIX_JAVA_APRIL2015_ADVISORY.NASL
    description The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities : - The Global Security Kit (GSKit) contains a flaw due to improper restrictions of TLS state transitions. A man-in-the-middle attacker can exploit this to downgrade the security of a session to use EXPORT_RSA ciphers. This allows the attacker to more easily break the encryption and monitor or tamper with the encrypted stream. (CVE-2015-0138) - An unspecified flaw exists that allows an attacker to execute code running under a security manager with elevated privileges. (CVE-2015-0192) - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204) - Multiple unspecified vulnerabilities exist in multiple Java subcomponents including 2D, Beans, Deployment, JCE, JSSE, and tools. (CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491) - An unspecified flaw exists that allows a remote attacker to bypass permission checks and gain access to sensitive information. (CVE-2015-1914) - An unspecified flaw exists due to the Socket Extension Provider's handling of TLS and SSL connections. A remote attacker can exploit this to cause a denial of service. (CVE-2015-1916) - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 84087
    published 2015-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84087
    title AIX Java Advisory : java_april2015_advisory.asc (Bar Mitzvah) (FREAK)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_APR_2015_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 45, 7 Update 79, 6 Update 95, or 5 Update 85. It is, therefore, affected by security vulnerabilities in the following components : - 2D - Beans - Deployment - Hotspot - JavaFX - JCE - JSSE - Tools
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 82821
    published 2015-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82821
    title Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix) (FREAK)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-331.NASL
    description OpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and bugs : The following vulnerabilities were fixed : - CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols - CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols - CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) - CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). - CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). - CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols.
    last seen 2019-02-21
    modified 2015-04-28
    plugin id 83106
    published 2015-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83106
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-331)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_7_0-OPENJDK-150419.NASL
    description OpenJDK was updated to version 2.5.5 - OpenJDK 7u79 to fix security issues and bugs. The following vulnerabilities have been fixed : - Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0458) - 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0459) - Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0460) - 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0469) - Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols. (CVE-2015-0477) - JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols. (CVE-2015-0478) - Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS). (CVE-2015-0480) - JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). (CVE-2015-0484) - JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). (CVE-2015-0488) - 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0491) - JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0492)
    last seen 2019-02-21
    modified 2015-05-08
    plugin id 83287
    published 2015-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83287
    title SuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 10621)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1085-1.NASL
    description IBM Java 1.5.0 was updated to SR16-FP10 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_2015 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84285
    published 2015-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84285
    title SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1085-1) (Bar Mitzvah) (FREAK)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2216-1.NASL
    description The java-1_7_0-ibm package was updated to version 7.0-9.20 to fix several security and non security issues : - bnc#955131: Version update to 7.0-9.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87277
    published 2015-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87277
    title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:2216-1) (FREAK)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2182-1.NASL
    description The java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several security and non security issues : - bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87200
    published 2015-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87200
    title SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2182-1) (FREAK)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0854.NASL
    description Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 45 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 82897
    published 2015-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82897
    title RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:0854)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_APR_2015.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 45, 7 Update 79, 6 Update 95, or 5 Update 85. It is, therefore, affected by security vulnerabilities in the following components : - 2D - Beans - Deployment - Hotspot - JavaFX - JCE - JSSE - Tools
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 82820
    published 2015-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82820
    title Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1086-3.NASL
    description IBM Java 1.7.0 was updated to SR9 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_2015 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84423
    published 2015-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84423
    title SUSE SLES11 Security Update : Java (SUSE-SU-2015:1086-3) (Bar Mitzvah) (FREAK)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201603-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201603-11 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please review the referenced CVE’s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, and cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 89904
    published 2016-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89904
    title GLSA-201603-11 : Oracle JRE/JDK: Multiple vulnerabilities (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1086-2.NASL
    description IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_2015 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84337
    published 2015-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84337
    title SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-2) (Bar Mitzvah) (FREAK)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1021.NASL
    description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. IBM Java SDK and JRE 5.0 will not receive software updates after September 2015. This date is referred to as the End of Service (EOS) date. Customers are advised to migrate to current versions of IBM Java at this time. IBM Java SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise Linux 5 and 6 Supplementary content sets and will continue to receive updates based on IBM's lifecycle policy, linked to in the References section. Customers can also consider OpenJDK, an open source implementation of the Java SE specification. OpenJDK is available by default on supported hardware architectures. 
    All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP10 release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 83754
    published 2015-05-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83754
    title RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1021) (Bar Mitzvah)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2168-2.NASL
    description The java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several security and non security issues : - bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87404
    published 2015-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87404
    title SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2168-2) (FREAK)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2192-1.NASL
    description This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 - Add backcompat symlinks for sdkdir - Fix baselibs.conf policy symlinking - Fix bsc#941939 to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 119972
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119972
    title SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2192-1) (Bar Mitzvah) (FREAK)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0857.NASL
    description Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 79 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 82909
    published 2015-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82909
    title RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0857)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0113-1.NASL
    description This version update for java-1_6_0-ibm to version 6.0.16.15 fixes the following issues : CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 For more information please visit: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2015 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87914
    published 2016-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87914
    title SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0113-1) (Bar Mitzvah) (FREAK)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1020.NASL
    description Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR3 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 83753
    published 2015-05-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83753
    title RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:1020) (Bar Mitzvah)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1086-4.NASL
    description IBM Java 1.7.0 was updated to SR9 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_2015. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84441
    published 2015-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84441
    title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1086-4) (Bar Mitzvah) (FREAK)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1007.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to from the References section, for additional details about this change. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR9 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 83433
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83433
    title RHEL 5 : java-1.7.0-ibm (RHSA-2015:1007) (Bar Mitzvah)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-332.NASL
    description OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0470: Hotspot: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols - CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols - CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols - CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) - CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). - CVE-2015-0486: Deployment: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols - CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). - CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols.
    last seen 2019-02-21
    modified 2015-04-28
    plugin id 83107
    published 2015-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83107
    title openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-332)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1091.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.6 and 5.7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to from the References section, for additional details about this change. Users of Red Hat Satellite 5.6 and 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP4 release. For this update to take effect, Red Hat Satellite must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 84143
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84143
    title RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:1091) (Bar Mitzvah)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1138-1.NASL
    description IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_2015 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84425
    published 2015-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84425
    title SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1138-1) (Bar Mitzvah) (FREAK)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2166-1.NASL
    description This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87180
    published 2015-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87180
    title SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2166-1) (Bar Mitzvah) (FREAK)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2168-1.NASL
    description The java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several security and non-security issues : - bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87181
    published 2015-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87181
    title SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2168-1) (FREAK)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1161-1.NASL
    description IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_2015 CVEs addressed: CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Additional bugs fixed : - Fix javaws/plugin stuff should slave plugin update-alternatives (bnc#912434) - Changed Java to use the system root CA certificates (bnc#912447) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 119967
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119967
    title SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1161-1) (Bar Mitzvah) (FREAK)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0858.NASL
    description Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 95 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 82910
    published 2015-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82910
    title RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0858)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1006.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to from the References section, for additional details about this change. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP4 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 83432
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83432
    title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2015:1006) (Bar Mitzvah)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1086-1.NASL
    description IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs. Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_2015 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84286
    published 2015-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84286
    title SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-1) (Bar Mitzvah) (FREAK)
redhat via4
advisories
  • rhsa
    id RHSA-2015:0854
  • rhsa
    id RHSA-2015:0857
  • rhsa
    id RHSA-2015:0858
  • rhsa
    id RHSA-2015:1006
  • rhsa
    id RHSA-2015:1007
  • rhsa
    id RHSA-2015:1020
  • rhsa
    id RHSA-2015:1021
  • rhsa
    id RHSA-2015:1091
refmap via4
bid 74083
confirm
gentoo GLSA-201603-11
sectrack 1032120
suse
  • SUSE-SU-2015:0833
  • SUSE-SU-2015:1085
  • SUSE-SU-2015:1086
  • SUSE-SU-2015:1138
  • SUSE-SU-2015:1161
  • SUSE-SU-2015:2166
  • SUSE-SU-2015:2168
  • SUSE-SU-2015:2182
  • SUSE-SU-2015:2192
  • SUSE-SU-2015:2216
  • SUSE-SU-2016:0113
  • openSUSE-SU-2015:0773
  • openSUSE-SU-2015:0774
Last major update 02-01-2017 - 21:59
Published 16-04-2015 - 12:59
Last modified 30-10-2018 - 12:27