Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security.
Recent assessments:
jcran at November 14, 2019 9:43pm UTC reported:
Causes a hard crash for the web application server (for example, Tomcat) which directly handles web requests by simply posting 4097 characters to an affected server using the AES GCM cipher (where that server has the requisite CPU extensions enabled, which is most modern processors). Super easy to exploit; can just use curl.
See the blog post I wrote about it:
<https://blog.rapid7.com/2015/07/16/r7-2015-09-oracle-java-jre-aes-intrinsics-remote-denial-of-service-cve-2015-2659/>
Assessed Attacker Value: 3
Assessed Attacker Value: 5
kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
rhn.redhat.com/errata/RHSA-2015-1228.html
rhn.redhat.com/errata/RHSA-2015-1241.html
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
www.securityfocus.com/bid/75877
www.securitytracker.com/id/1032910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2659
security.gentoo.org/glsa/201603-11