Detections
Analytics

Alpine: openjdk7: security update to 7.79.-r0 (deprecated)

critical Tenable Cloud Security Plugin ID 401124

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect
 confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2015-4760)

 - Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33
 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
 to Libraries, a different vulnerability than CVE-2015-4732. (CVE-2015-2590)

 - Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded
 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
 (CVE-2015-2601)

 - Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows
 remote attackers to affect confidentiality via vectors related to JCE. (CVE-2015-2613)

 - Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33,
 allows remote attackers to affect confidentiality via vectors related to JMX. (CVE-2015-2621)

See Also

https://git.alpinelinux.org/aports/commit/?id=1b3c2b9c9686fc1dbc2ae942aa0564c205a7a065

https://git.alpinelinux.org/aports/commit/?id=53fde1a7f3c09c33afbacffbbfd8f301e1d246f5

Plugin Details

Severity: Critical

ID: 401124

Version: Revision 1.25

Type: Local

Published: 8/16/2023

Updated: 5/7/2026

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-4760

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2015-2590

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/17/2015

Vulnerability Publication Date: 3/31/2015

CISA Known Exploited Vulnerability Due Dates: 3/24/2022

Reference Information

CVE: CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

BID: 73684, 74733, 75784, 75796, 75812, 75818, 75823, 75832, 75854, 75861, 75867, 75871, 75874, 75890, 75895