CVE-2015-0460

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

References

http://advisories.mageia.org/MGASA-2015-0158.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html

http://rhn.redhat.com/errata/RHSA-2015-0806.html

http://rhn.redhat.com/errata/RHSA-2015-0807.html

http://rhn.redhat.com/errata/RHSA-2015-0808.html

http://rhn.redhat.com/errata/RHSA-2015-0809.html

http://rhn.redhat.com/errata/RHSA-2015-0854.html

http://rhn.redhat.com/errata/RHSA-2015-0857.html

http://rhn.redhat.com/errata/RHSA-2015-0858.html

http://www.debian.org/security/2015/dsa-3234

http://www.debian.org/security/2015/dsa-3235

http://www.debian.org/security/2015/dsa-3316

http://www.mandriva.com/security/advisories?name=MDVSA-2015:212

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.securityfocus.com/bid/74097

http://www.securitytracker.com/id/1032120

http://www.ubuntu.com/usn/USN-2573-1

http://www.ubuntu.com/usn/USN-2574-1

https://security.gentoo.org/glsa/201603-11

Details

Source: MITRE

Published: 2015-04-16

Updated: 2020-09-08

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.5.0:update_81:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_91:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update_76:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.5.0:update_81:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_91:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_76:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_40:*:*:*:*:*:*

Tenable Plugins

View all (40 total)

IDNameProductFamilySeverity
700650Oracle Java SE 5 < Update 85 / 6 < Update 95 / 7 < Update 79 / 8 < Update 45 Multiple Vulnerabilities (April 2015 CPU) (FREAK)Nessus Network MonitorWeb Clients
critical
89904GLSA-201603-11 : Oracle JRE/JDK: Multiple vulnerabilities (Logjam)NessusGentoo Local Security Checks
low
85031Debian DSA-3316-1 : openjdk-7 - security update (Bar Mitzvah) (Logjam)NessusDebian Local Security Checks
low
83287SuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 10621)NessusSuSE Local Security Checks
critical
83268Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-517)NessusAmazon Linux Local Security Checks
critical
83165Debian DLA-213-1 : openjdk-6 security updateNessusDebian Local Security Checks
critical
83107openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-332)NessusSuSE Local Security Checks
critical
83106openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-331)NessusSuSE Local Security Checks
critical
83104Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2015:212)NessusMandriva Local Security Checks
critical
83063Debian DSA-3235-1 : openjdk-7 - security updateNessusDebian Local Security Checks
critical
83062Debian DSA-3234-1 : openjdk-6 - security updateNessusDebian Local Security Checks
critical
83059Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-516)NessusAmazon Linux Local Security Checks
critical
83058Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-515)NessusAmazon Linux Local Security Checks
critical
82992Ubuntu 14.04 LTS / 14.10 : openjdk-7 vulnerabilities (USN-2574-1)NessusUbuntu Local Security Checks
critical
82991Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2573-1)NessusUbuntu Local Security Checks
critical
82910RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0858)NessusRed Hat Local Security Checks
critical
82909RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0857)NessusRed Hat Local Security Checks
critical
82897RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:0854)NessusRed Hat Local Security Checks
critical
82821Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix) (FREAK)NessusMisc.
critical
82820Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)NessusWindows
critical
82816Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64 (20150415)NessusScientific Linux Local Security Checks
critical
82815Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64 (20150415)NessusScientific Linux Local Security Checks
critical
82814Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20150415)NessusScientific Linux Local Security Checks
critical
82813Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/srpm/x86_64 (20150415)NessusScientific Linux Local Security Checks
critical
82811RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:0809)NessusRed Hat Local Security Checks
critical
82810RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:0808)NessusRed Hat Local Security Checks
critical
82809RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:0806)NessusRed Hat Local Security Checks
critical
82808Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-0807)NessusOracle Linux Local Security Checks
critical
82804CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:0809)NessusCentOS Local Security Checks
critical
82803CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:0808)NessusCentOS Local Security Checks
critical
82802CentOS 5 : java-1.7.0-openjdk (CESA-2015:0807)NessusCentOS Local Security Checks
critical
82801CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:0806)NessusCentOS Local Security Checks
critical
82791RHEL 5 : java-1.7.0-openjdk (RHSA-2015:0807)NessusRed Hat Local Security Checks
critical
82789Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2015-0809)NessusOracle Linux Local Security Checks
critical
82788Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-0808)NessusOracle Linux Local Security Checks
critical
82787Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-0806)NessusOracle Linux Local Security Checks
critical
8751Oracle Java SE 5 < Update 82 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
8750Oracle Java SE 6 < Update 92 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
8749Oracle Java SE 7 < Update 77 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
8748Oracle Java SE 8 < Update 41 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical