Kaspersky LabKLA10447KLA10447 Multiple vulnerabilities in Java SE
3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
5.8 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Detect date:
01/13/2015
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Oracle products. Malicious users can exploit these vulnerabilities to cause loss of integrity, denial of service and obtain sensitive information.
Affected products:
Oracle Java SE versions 5u75, 6u85, 7u72 and 8u25
Oracle Java SE Embeded 7u71 and 8u6
JRockit 27.8.4 and 28.3.4
Solution:
Update to latest version
Get JRockit
Get Java SE
Original advisories:
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2015-04005.0Warning
CVE-2015-04131.9Warning
CVE-2015-04075.0Warning
CVE-2015-04127.2High
CVE-2015-04036.9High
CVE-2015-03835.4High
CVE-2014-65934.0Warning
CVE-2015-04379.3Critical
CVE-2014-35664.3Warning
CVE-2014-65852.6Warning
CVE-2015-04216.9High
CVE-2015-04105.0Warning
CVE-2014-65912.6Warning
CVE-2015-03959.3Critical
CVE-2014-65874.3Warning
CVE-2015-04065.8High
Exploitation:
Public exploits exist for this vulnerability.
References
www.oracle.com/technetwork/java/javase/downloads/index.html
www.oracle.com/technetwork/middleware/jrockit/overview/index-101826.html
www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0400
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0403
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0406
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0413
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0421
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0437
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Oracle-Java-JDK-1.7.x/
threats.kaspersky.com/en/product/Oracle-Java-JDK-1.8.x-3/
threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/
threats.kaspersky.com/en/product/Oracle-Java-JRE-1.8.x/
threats.kaspersky.com/en/product/Oracle-JRockit/
Related
3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
5.8 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%