Kaspersky LabKLA10629KLA10629 Multiple vulnerabilities in Oracle Java SE
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
5.4 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Detect date:
07/14/2015
Severity:
Critical
Description:
An unspecified vulnerabilities were found in Oracle Java SE. By exploiting these vulnerabilities malicious users can cause denial of service, affect integrity and obtain sensitive information. These vulnerabilities can be exploited remotely via vectors related to 2D, CORBA, JMX, Libraries, RMI, Deployment, Security, Install, JCE, Hotspot, JNDI and JSSE.
Affected products:
Oracle Java SE versions 6u95, 7u80 and 8u45
Oracle Java SE Embedded versions 7u75 and 8u33
Solution:
Update to the latest version
Get Java SE
Original advisories:
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2015-26215.0Warning
CVE-2015-26015.0Warning
CVE-2015-25964.3Warning
CVE-2015-25977.2High
CVE-2015-47494.3Warning
CVE-2015-47487.6Critical
CVE-2015-47294.0Warning
CVE-2015-26595.0Warning
CVE-2015-40004.3Warning
CVE-2015-26646.9High
CVE-2015-28085.0Warning
CVE-2015-26325.0Warning
CVE-2015-26375.0Warning
CVE-2015-26135.0Warning
CVE-2015-26272.6Warning
CVE-2015-26252.6Warning
CVE-2015-26195.0Warning
CVE-2015-47369.3Critical
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
References
www.oracle.com/technetwork/java/javase/downloads/index.html
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2596
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2637
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2664
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4729
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4736
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Oracle-Java-JDK-1.7.x/
threats.kaspersky.com/en/product/Oracle-Java-JDK-1.8.x-3/
threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/
threats.kaspersky.com/en/product/Oracle-Java-JRE-1.8.x/
Related
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
5.4 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%