CVE-2015-0486

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

References

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html

http://rhn.redhat.com/errata/RHSA-2015-0854.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.securityfocus.com/bid/74145

http://www.securitytracker.com/id/1032120

http://www-01.ibm.com/support/docview.wss?uid=swg21883640

https://security.gentoo.org/glsa/201603-11

Details

Source: MITRE

Published: 2015-04-16

Updated: 2020-09-08

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_40:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
700650Oracle Java SE 5 < Update 85 / 6 < Update 95 / 7 < Update 79 / 8 < Update 45 Multiple Vulnerabilities (April 2015 CPU) (FREAK)Nessus Network MonitorWeb Clients
critical
89904GLSA-201603-11 : Oracle JRE/JDK: Multiple vulnerabilities (Logjam)NessusGentoo Local Security Checks
low
84087AIX Java Advisory : java_april2015_advisory.asc (Bar Mitzvah) (FREAK)NessusAIX Local Security Checks
critical
83107openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-332)NessusSuSE Local Security Checks
critical
82897RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:0854)NessusRed Hat Local Security Checks
critical
82821Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix) (FREAK)NessusMisc.
critical
82820Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)NessusWindows
critical
8748Oracle Java SE 8 < Update 41 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical