CVE-2015-0460

HIGH

Description

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

References

http://advisories.mageia.org/MGASA-2015-0158.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html

http://rhn.redhat.com/errata/RHSA-2015-0806.html

http://rhn.redhat.com/errata/RHSA-2015-0807.html

http://rhn.redhat.com/errata/RHSA-2015-0808.html

http://rhn.redhat.com/errata/RHSA-2015-0809.html

http://rhn.redhat.com/errata/RHSA-2015-0854.html

http://rhn.redhat.com/errata/RHSA-2015-0857.html

http://rhn.redhat.com/errata/RHSA-2015-0858.html

http://www.debian.org/security/2015/dsa-3234

http://www.debian.org/security/2015/dsa-3235

http://www.debian.org/security/2015/dsa-3316

http://www.mandriva.com/security/advisories?name=MDVSA-2015:212

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.securityfocus.com/bid/74097

http://www.securitytracker.com/id/1032120

http://www.ubuntu.com/usn/USN-2573-1

http://www.ubuntu.com/usn/USN-2574-1

https://security.gentoo.org/glsa/201603-11

Details

Source: MITRE

Published: 2015-04-16

Updated: 2017-11-04

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:jdk:1.5.0:update_81:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_91:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update_76:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update_40:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.5.0:update_81:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_91:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_76:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_40:*:*:*:*:*:*

Tenable Plugins

View all (40 total)

ID	Name	Product	Family	Severity
700650	Oracle Java SE 5 < Update 85 / 6 < Update 95 / 7 < Update 79 / 8 < Update 45 Multiple Vulnerabilities (April 2015 CPU) (FREAK)	Nessus Network Monitor	Web Clients	critical
89904	GLSA-201603-11 : Oracle JRE/JDK: Multiple vulnerabilities (Logjam)	Nessus	Gentoo Local Security Checks	critical
85031	Debian DSA-3316-1 : openjdk-7 - security update (Bar Mitzvah) (Logjam)	Nessus	Debian Local Security Checks	critical
83287	SuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 10621)	Nessus	SuSE Local Security Checks	critical
83268	Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-517)	Nessus	Amazon Linux Local Security Checks	critical
83165	Debian DLA-213-1 : openjdk-6 security update	Nessus	Debian Local Security Checks	critical
83107	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-332)	Nessus	SuSE Local Security Checks	critical
83106	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-331)	Nessus	SuSE Local Security Checks	critical
83104	Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2015:212)	Nessus	Mandriva Local Security Checks	critical
83063	Debian DSA-3235-1 : openjdk-7 - security update	Nessus	Debian Local Security Checks	critical
83062	Debian DSA-3234-1 : openjdk-6 - security update	Nessus	Debian Local Security Checks	critical
83059	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-516)	Nessus	Amazon Linux Local Security Checks	critical
83058	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-515)	Nessus	Amazon Linux Local Security Checks	critical
82992	Ubuntu 14.04 LTS / 14.10 : openjdk-7 vulnerabilities (USN-2574-1)	Nessus	Ubuntu Local Security Checks	critical
82991	Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2573-1)	Nessus	Ubuntu Local Security Checks	critical
82910	RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0858)	Nessus	Red Hat Local Security Checks	critical
82909	RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0857)	Nessus	Red Hat Local Security Checks	critical
82897	RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:0854)	Nessus	Red Hat Local Security Checks	critical
82821	Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix) (FREAK)	Nessus	Misc.	critical
82820	Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)	Nessus	Windows	critical
82816	Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64 (20150415)	Nessus	Scientific Linux Local Security Checks	critical
82815	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64 (20150415)	Nessus	Scientific Linux Local Security Checks	critical
82814	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20150415)	Nessus	Scientific Linux Local Security Checks	critical
82813	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/srpm/x86_64 (20150415)	Nessus	Scientific Linux Local Security Checks	critical
82811	RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:0809)	Nessus	Red Hat Local Security Checks	critical
82810	RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:0808)	Nessus	Red Hat Local Security Checks	critical
82809	RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:0806)	Nessus	Red Hat Local Security Checks	critical
82808	Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-0807)	Nessus	Oracle Linux Local Security Checks	critical
82804	CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:0809)	Nessus	CentOS Local Security Checks	critical
82803	CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:0808)	Nessus	CentOS Local Security Checks	critical
82802	CentOS 5 : java-1.7.0-openjdk (CESA-2015:0807)	Nessus	CentOS Local Security Checks	critical
82801	CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:0806)	Nessus	CentOS Local Security Checks	critical
82791	RHEL 5 : java-1.7.0-openjdk (RHSA-2015:0807)	Nessus	Red Hat Local Security Checks	critical
82789	Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2015-0809)	Nessus	Oracle Linux Local Security Checks	critical
82788	Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-0808)	Nessus	Oracle Linux Local Security Checks	critical
82787	Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-0806)	Nessus	Oracle Linux Local Security Checks	critical
8751	Oracle Java SE 5 < Update 82 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
8750	Oracle Java SE 6 < Update 92 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
8749	Oracle Java SE 7 < Update 77 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
8748	Oracle Java SE 8 < Update 41 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical