CVE-2015-4911

MEDIUM

Description

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.

References

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html

http://rhn.redhat.com/errata/RHSA-2015-1919.html

http://rhn.redhat.com/errata/RHSA-2015-1920.html

http://rhn.redhat.com/errata/RHSA-2015-1921.html

http://rhn.redhat.com/errata/RHSA-2015-1926.html

http://rhn.redhat.com/errata/RHSA-2015-1927.html

http://rhn.redhat.com/errata/RHSA-2015-1928.html

http://www.debian.org/security/2015/dsa-3381

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/77209

http://www.securitytracker.com/id/1033884

http://www.ubuntu.com/usn/USN-2784-1

http://www.ubuntu.com/usn/USN-2827-1

https://kc.mcafee.com/corporate/index?page=content&id=SB10141

https://security.gentoo.org/glsa/201603-11

https://security.gentoo.org/glsa/201603-14

Details

Source: MITRE

Published: 2015-10-22

Updated: 2020-09-08

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (52 total)

IDNameProductFamilySeverity
700652Oracle Java SE 6 < Update 105 / 7 < Update 91 / 8 < Update 65 Multiple Vulnerabilities (October 2015 CPU)Nessus Network MonitorWeb Clients
critical
119972SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2192-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
9352Oracle Java SE 6 < Update 105 / 7 < Update 91 / 8 < Update 65 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
89907GLSA-201603-14 : IcedTea: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
89904GLSA-201603-11 : Oracle JRE/JDK: Multiple vulnerabilities (Logjam)NessusGentoo Local Security Checks
critical
88537openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-106) (SLOTH)NessusSuSE Local Security Checks
critical
87914SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0113-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
87405SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2015:2268-1)NessusSuSE Local Security Checks
critical
87404SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2168-2) (FREAK)NessusSuSE Local Security Checks
critical
87386FreeBSD : java -- multiple vulnerabilities (a5934ba8-a376-11e5-85e9-14dae9d210b8)NessusFreeBSD Local Security Checks
critical
87374AIX Java Advisory : java_oct2015_advisory.asc (October 2015 CPU)NessusAIX Local Security Checks
critical
87342Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-616)NessusAmazon Linux Local Security Checks
critical
87277SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:2216-1) (FREAK)NessusSuSE Local Security Checks
critical
87204Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-2827-1)NessusUbuntu Local Security Checks
critical
87200SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2182-1) (FREAK)NessusSuSE Local Security Checks
critical
87181SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2015:2168-1) (FREAK)NessusSuSE Local Security Checks
critical
87180SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2015:2166-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
87056Debian DLA-346-1 : openjdk-6 security updateNessusDebian Local Security Checks
critical
86962openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-736)NessusSuSE Local Security Checks
critical
86938Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20151118)NessusScientific Linux Local Security Checks
critical
86930RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:2086)NessusRed Hat Local Security Checks
critical
86927Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-2086)NessusOracle Linux Local Security Checks
critical
86919CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:2086)NessusCentOS Local Security Checks
critical
86732openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-697)NessusSuSE Local Security Checks
critical
86731openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-696)NessusSuSE Local Security Checks
critical
86730openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-695)NessusSuSE Local Security Checks
critical
86708SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1875-2)NessusSuSE Local Security Checks
critical
86707SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1875-1)NessusSuSE Local Security Checks
critical
86706SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1874-2)NessusSuSE Local Security Checks
critical
86705SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1874-1)NessusSuSE Local Security Checks
critical
86650Ubuntu 14.04 LTS / 15.04 / 15.10 : openjdk-7 vulnerabilities (USN-2784-1)NessusUbuntu Local Security Checks
critical
86642Debian DSA-3381-1 : openjdk-7 - security updateNessusDebian Local Security Checks
critical
86637Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-606)NessusAmazon Linux Local Security Checks
critical
86636Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-605)NessusAmazon Linux Local Security Checks
critical
86562RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:1928)NessusRed Hat Local Security Checks
critical
86561RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:1927)NessusRed Hat Local Security Checks
critical
86560RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:1926)NessusRed Hat Local Security Checks
critical
86543Oracle Java SE Multiple Vulnerabilities (October 2015 CPU) (Unix)NessusMisc.
critical
86542Oracle Java SE Multiple Vulnerabilities (October 2015 CPU)NessusWindows
critical
86529Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20151021)NessusScientific Linux Local Security Checks
critical
86528Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20151021)NessusScientific Linux Local Security Checks
critical
86527Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20151021)NessusScientific Linux Local Security Checks
critical
86526RHEL 5 : java-1.7.0-openjdk (RHSA-2015:1921)NessusRed Hat Local Security Checks
critical
86525RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:1920)NessusRed Hat Local Security Checks
critical
86524RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:1919)NessusRed Hat Local Security Checks
critical
86522Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-1921)NessusOracle Linux Local Security Checks
critical
86521Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-1920)NessusOracle Linux Local Security Checks
critical
86520Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2015-1919)NessusOracle Linux Local Security Checks
critical
86518CentOS 5 : java-1.7.0-openjdk (CESA-2015:1921)NessusCentOS Local Security Checks
critical
86517CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:1920)NessusCentOS Local Security Checks
critical
86516CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:1919)NessusCentOS Local Security Checks
critical
86474Oracle JRockit R28 < R28.3.8 Multiple Vulnerabilities (October 2015 CPU)NessusWindows
medium