Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:B9F2CFED-C0A1-431F-AEB0-DFA8B1EF82CF
HistoryJul 16, 2015 - 12:00 a.m.

Oracle Java JRE AES Intrinsics Remote Denial of Service

2015-07-1600:00:00
attackerkb.com
5

0.014 Low

EPSS

Percentile

86.2%

JSON

Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security.

Recent assessments:

jcran at November 14, 2019 9:43pm UTC reported:

Causes a hard crash for the web application server (for example, Tomcat) which directly handles web requests by simply posting 4097 characters to an affected server using the AES GCM cipher (where that server has the requisite CPU extensions enabled, which is most modern processors). Super easy to exploit; can just use curl.

See the blog post I wrote about it:
<https://blog.rapid7.com/2015/07/16/r7-2015-09-oracle-java-jre-aes-intrinsics-remote-denial-of-service-cve-2015-2659/&gt;

Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 5

Related

cve 1
openvas 11
prion 1
debiancve 1
cvelist 1
nvd 1
ubuntucve 1
nessus 12
ibm 5
veracode 13
mageia 1
centos 1
amazon 1
redhat 2
oraclelinux 1
suse 1
kaspersky 1
gentoo 1
securityvulns 1
oracle 1
cve
cve
CVE-2015-2659
2015-07-16 11:00:18
openvas
openvas
Oracle Java SE JRE Unspecified Vulnerability-04 (Jul 2015) - Linux
2015-07-20 00:00:00
Oracle Java SE JRE Unspecified Vulnerability-04 (Jul 2015) - Windows
2015-07-20 00:00:00
Juniper Networks Junos Space Multiple Vulnerabilities (JSA10727)
2016-04-18 00:00:00
prion
prion
Design/Logic Flaw
2015-07-16 11:00:00
debiancve
debiancve
CVE-2015-2659
2015-07-16 11:00:18
cvelist
cvelist
CVE-2015-2659
2015-07-16 10:00:00
nvd
nvd
CVE-2015-2659
2015-07-16 11:00:18
ubuntucve
ubuntucve
CVE-2015-2659
2015-07-16 00:00:00
nessus
nessus
Juniper Junos Space < 15.1R2 Multiple Vulnerabilities (JSA10727) (Bar Mitzvah) (Logjam)
2016-06-23 00:00:00
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20150715) (Bar Mitzvah) (Logjam)
2015-07-16 00:00:00
CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:1228) (Bar Mitzvah) (Logjam)
2015-07-16 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Algorithmics One Core, Algo Risk Application, and Counterparty Credit Risk
2018-06-15 22:39:24
Security Bulletin: Multiple vulnerabilities in Oracleยฎ Javaโ„ข Runtime Environment version 1.7 that is used by IBM Flex System Manager (FSM) Storage Management Install Anywhere (SMIA)
2018-06-18 01:34:26
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2018-06-15 07:03:34
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:40:37
Sandbox Restrictions Bypass
2019-05-02 05:40:33
Sandbox Restrictions Bypass
2019-05-02 05:40:37
mageia
mageia
Updated java-1.8.0-openjdk package fixes security vulnerabilities
2015-07-27 12:53:07
centos
centos
java security update
2015-07-15 15:08:42
amazon
amazon
Important: java-1.8.0-openjdk
2015-07-22 10:00:00
redhat
redhat
(RHSA-2015:1228) Important: java-1.8.0-openjdk security update
2015-07-15 00:00:00
(RHSA-2015:1241) Critical: java-1.8.0-oracle security update
2015-07-17 07:49:43
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2015-07-15 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2015-07-26 21:09:08
kaspersky
kaspersky
KLA10629 Multiple vulnerabilities in Oracle Java SE
2015-07-14 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2016-03-12 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00

0.014 Low

EPSS

Percentile

86.2%

JSON
Related for AKB:B9F2CFED-C0A1-431F-AEB0-DFA8B1EF82CF
cve1openvas11prion1debiancve1cvelist1nvd1ubuntucve1nessus12ibm5veracode13mageia1centos1amazon1redhat2oraclelinux1suse1kaspersky1gentoo1securityvulns1oracle1