Oracle Java SE 6 < Update 101 / 7 < Update 85 / 8 < Update 51 Multiple Vulnerabilities

The Oracle Java SE installed on the remote host is version 6 prior to Update 101, 7 prior to Update 85, or 8 prior to Update 51 and is affected by multiple vulnerabilities:

• A flaw in the ‘ObjectInputStream::readSerialData()’ function in ‘share/classes/java/io/ObjectInputStream.java’ that is triggered when handling OIS data allowing a context-dependent attacker to execute arbitrary code. (CVE-2015-2590)
• An unspecified flaw related to the Hotspot component may allow a context-dependent attacker to have an impact on integrity. (CVE-2015-2596)
• A flaw in the JCE component as various cryptographic operations use non-constant time comparisons allowing a remote attacker to conduct timing attacks in order to possibly glean sensitive information. (CVE-2015-2601)
• A flaw in the ‘ECDH_Derive()’ function in ‘share/native/sun/security/ec/impl/ec.c’ related to missing EC parameter validation when performing ECDH key derivation allowing a remote attacker to disclose potentially sensitive information. (CVE-2015-2613)
• An unspecified flaw related to the 2D component may allow a context-dependent attacker to gain access to sensitive information. (CVE-2015-2619)
• A flaw in the ‘RMIConnectionImpl’ constructor in ‘share/classes/javax/management/remote/rmi/RMIConnectionImpl.java’. The issue is triggered due to improper permission checks when creating repository class loaders allowing a context-dependent attacker to bypass sandbox restrictions and disclose sensitive information. (CVE-2015-2621)
• A flaw in the JSSE component that is triggered when performing X.509 certificate identity checks allowing a remote attacker to have a certificate for another domain being accepted as valid. (CVE-2015-2625)
• An unspecified flaw related to the Install component allowing a remote attacker to gain access to sensitive information. (CVE-2015-2627)
• A typecasting flaw in ‘share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java’ that is triggered when handling IIOP operations allowing a context-dependent attacker to potentially execute arbitrary code. (CVE-2015-2628)
• International Components for Unicode for C/C++ (ICU4C) contains an integer overflow condition in the ‘LETableReference::verifyLength()’ function in ‘layout/LETableReference.h’. With a specially crafted font, a context-dependent attacker can crash an application linked against the library or potentially disclose memory contents. (CVE-2015-2632)
• An unspecified flaw related to the 2D component allowing a context-dependent attacker to gain access to sensitive information. (CVE-2015-2637)
• An unspecified flaw related to the 2D component allowing a context-dependent attacker to execute arbitrary code. (CVE-2015-2638)
• A NULL pointer dereference flaw in ‘share/classes/com/sun/crypto/provider/GCTR.java’ related to the GCM (Galois Counter Mode) implementation. The issue is triggered when performing encryption using a block cipher in GCM mode and may allow a remote attacker to cause a crash. (CVE-2015-2659)
• An unspecified flaw in the Deployment component allowing a local attacker to gain elevated privileges. (CVE-2015-2664)
• An unspecified flaw related to the Deployment component may allow a remote attacker to have an impact on confidentiality and integrity. (CVE-2015-4729)
• A flaw in ‘share/classes/javax/management/MBeanServerInvocationHandler.java’ is triggered when handling MBean connection proxy classes allowing a context-dependent attacker to bypass sandbox restrictions and potentially execute arbitrary code. (CVE-2015-4731)
• A flaw in ‘share/classes/java/io/ObjectInputStream.java’ and ‘share/classes/java/io/SerialCallbackContext.java’ related to insufficient context checks allowing a context-dependent attacker to potentially execute arbitrary code. (CVE-2015-4732)
• A flaw in the ‘RemoteObjectInvocationHandler::invoke()’ function in ‘share/classes/java/rmi/server/RemoteObjectInvocationHandler.java’. The issue is triggered as calls to the finalize() method are permitted allowing a context-dependent attacker to bypass sandbox protections and potentially execute arbitrary code. (CVE-2015-4733)
• An unspecified flaw related to the Deployment component may allow a context-dependent attacker to execute arbitrary code. (CVE-2015-4736)
• A flaw that is triggered when handling Online Certificate Status Protocol (OCSP) responses with no ‘nextUpdate’ date specified allowing a remote attacker to cause an application to accept a revoked X.509 certificate. (CVE-2015-4748)
• A flaw in the ‘DnsClient::query()’ function in ‘share/classes/com/sun/jndi/dns/DnsClient.java’. The issue is triggered as JNDI DnsClient’s exception handling fails to release request information allowing a remote attacker to exhaust memory resources and cause a denial of service. (CVE-2015-4749)
  -International Components for Unicode for C/C++ (ICU4C) contains overflow conditions in the layout engine. With a specially crafted font, a context-dependent attacker can cause a buffer overflow, crashing an application linked against the library or potentially allowing execution of arbitrary code. (CVE-2015-4760)