ID CVE-2015-4731
Summary Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Per Advisory: <a href="http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html">Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.</a>
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.6.0:update_95:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_95:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update_80:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update_80:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update_45:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update_45:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 05-01-2018 - 02:30)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2015:1228
  • rhsa
    id RHSA-2015:1229
  • rhsa
    id RHSA-2015:1230
  • rhsa
    id RHSA-2015:1241
  • rhsa
    id RHSA-2015:1242
  • rhsa
    id RHSA-2015:1243
  • rhsa
    id RHSA-2015:1485
  • rhsa
    id RHSA-2015:1486
  • rhsa
    id RHSA-2015:1488
  • rhsa
    id RHSA-2015:1526
  • rhsa
    id RHSA-2015:1544
  • rhsa
    id RHSA-2015:1604
rpms
  • java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6
  • java-1.8.0-openjdk-demo-1:1.8.0.51-0.b16.el6_6
  • java-1.8.0-openjdk-devel-1:1.8.0.51-0.b16.el6_6
  • java-1.8.0-openjdk-headless-1:1.8.0.51-0.b16.el6_6
  • java-1.8.0-openjdk-javadoc-1:1.8.0.51-0.b16.el6_6
  • java-1.8.0-openjdk-src-1:1.8.0.51-0.b16.el6_6
  • java-1.8.0-openjdk-1:1.8.0.51-1.b16.el7_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.51-1.b16.el7_1
  • java-1.8.0-openjdk-demo-1:1.8.0.51-1.b16.el7_1
  • java-1.8.0-openjdk-devel-1:1.8.0.51-1.b16.el7_1
  • java-1.8.0-openjdk-headless-1:1.8.0.51-1.b16.el7_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.51-1.b16.el7_1
  • java-1.8.0-openjdk-src-1:1.8.0.51-1.b16.el7_1
  • java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6
  • java-1.7.0-openjdk-demo-1:1.7.0.85-2.6.1.3.el6_6
  • java-1.7.0-openjdk-devel-1:1.7.0.85-2.6.1.3.el6_6
  • java-1.7.0-openjdk-javadoc-1:1.7.0.85-2.6.1.3.el6_6
  • java-1.7.0-openjdk-src-1:1.7.0.85-2.6.1.3.el6_6
  • java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.el7_1
  • java-1.7.0-openjdk-accessibility-1:1.7.0.85-2.6.1.2.el7_1
  • java-1.7.0-openjdk-demo-1:1.7.0.85-2.6.1.2.el7_1
  • java-1.7.0-openjdk-devel-1:1.7.0.85-2.6.1.2.el7_1
  • java-1.7.0-openjdk-headless-1:1.7.0.85-2.6.1.2.el7_1
  • java-1.7.0-openjdk-javadoc-1:1.7.0.85-2.6.1.2.el7_1
  • java-1.7.0-openjdk-src-1:1.7.0.85-2.6.1.2.el7_1
  • java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.85-2.6.1.3.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.85-2.6.1.3.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.85-2.6.1.3.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.85-2.6.1.3.el5_11
  • java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11
  • java-1.6.0-openjdk-demo-1:1.6.0.36-1.13.8.1.el5_11
  • java-1.6.0-openjdk-devel-1:1.6.0.36-1.13.8.1.el5_11
  • java-1.6.0-openjdk-javadoc-1:1.6.0.36-1.13.8.1.el5_11
  • java-1.6.0-openjdk-src-1:1.6.0.36-1.13.8.1.el5_11
  • java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7
  • java-1.6.0-openjdk-demo-1:1.6.0.36-1.13.8.1.el6_7
  • java-1.6.0-openjdk-devel-1:1.6.0.36-1.13.8.1.el6_7
  • java-1.6.0-openjdk-javadoc-1:1.6.0.36-1.13.8.1.el6_7
  • java-1.6.0-openjdk-src-1:1.6.0.36-1.13.8.1.el6_7
  • java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1
  • java-1.6.0-openjdk-demo-1:1.6.0.36-1.13.8.1.el7_1
  • java-1.6.0-openjdk-devel-1:1.6.0.36-1.13.8.1.el7_1
  • java-1.6.0-openjdk-javadoc-1:1.6.0.36-1.13.8.1.el7_1
  • java-1.6.0-openjdk-src-1:1.6.0.36-1.13.8.1.el7_1
refmap via4
bid 75812
confirm http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
debian
  • DSA-3316
  • DSA-3339
gentoo
  • GLSA-201603-11
  • GLSA-201603-14
sectrack 1032910
suse
  • SUSE-SU-2015:1319
  • SUSE-SU-2015:1320
  • openSUSE-SU-2015:1288
  • openSUSE-SU-2015:1289
ubuntu
  • USN-2696-1
  • USN-2706-1
Last major update 05-01-2018 - 02:30
Published 16-07-2015 - 11:00
Back to Top