Vulnerabilities > CVE-2015-0484

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
oracle
opensuse
suse
nessus

Summary

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. Per Oracle: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. (http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_7_0-OPENJDK-150419.NASL
    descriptionOpenJDK was updated to version 2.5.5 - OpenJDK 7u79 to fix security issues and bugs. The following vulnerabilities have been fixed : - Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0458) - 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0459) - Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0460) - 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0469) - Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols. (CVE-2015-0477) - JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols. (CVE-2015-0478) - Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS). (CVE-2015-0480) - JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). (CVE-2015-0484) - JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). (CVE-2015-0488) - 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0491) - JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols. (CVE-2015-0492)
    last seen2020-06-01
    modified2020-06-02
    plugin id83287
    published2015-05-08
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83287
    titleSuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 10621)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_APR_2015.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 45, 7 Update 79, 6 Update 95, or 5 Update 85. It is, therefore, affected by security vulnerabilities in the following components : - 2D - Beans - Deployment - Hotspot - JavaFX - JCE - JSSE - Tools
    last seen2020-06-01
    modified2020-06-02
    plugin id82820
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82820
    titleOracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-332.NASL
    descriptionOpenJDK was updated to jdk8u45-b14 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0470: Hotspot: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols - CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols - CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols - CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) - CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). - CVE-2015-0486: Deployment: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols - CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). - CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols.
    last seen2020-06-05
    modified2015-04-28
    plugin id83107
    published2015-04-28
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83107
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-332)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0854.NASL
    descriptionUpdated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 45 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82897
    published2015-04-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82897
    titleRHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:0854)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201603-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201603-11 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please review the referenced CVE’s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, and cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id89904
    published2016-03-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89904
    titleGLSA-201603-11 : Oracle JRE/JDK: Multiple vulnerabilities (Logjam)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_APR_2015_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 45, 7 Update 79, 6 Update 95, or 5 Update 85. It is, therefore, affected by security vulnerabilities in the following components : - 2D - Beans - Deployment - Hotspot - JavaFX - JCE - JSSE - Tools
    last seen2020-06-01
    modified2020-06-02
    plugin id82821
    published2015-04-16
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82821
    titleOracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix) (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-331.NASL
    descriptionOpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and bugs : The following vulnerabilities were fixed : - CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols - CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols - CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) - CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). - CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). - CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols.
    last seen2020-06-05
    modified2015-04-28
    plugin id83106
    published2015-04-28
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83106
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-331)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0857.NASL
    descriptionUpdated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 79 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82909
    published2015-04-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82909
    titleRHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0857)

Redhat

advisories
  • rhsa
    idRHSA-2015:0854
  • rhsa
    idRHSA-2015:0857
rpms
  • java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-devel-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-devel-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-javafx-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-javafx-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-jdbc-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-jdbc-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-plugin-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-plugin-1:1.8.0.45-1jpp.2.el7_1
  • java-1.8.0-oracle-src-1:1.8.0.45-1jpp.2.el6_6
  • java-1.8.0-oracle-src-1:1.8.0.45-1jpp.2.el7_1
  • java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el7_1
  • java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el5_11
  • java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el6_6
  • java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el7_1