CVE-2015-0408

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
http://marc.info/?l=bugtraq&m=142496355704097&w=2
http://marc.info/?l=bugtraq&m=142496355704097&w=2
http://marc.info/?l=bugtraq&m=142607790919348&w=2
http://rhn.redhat.com/errata/RHSA-2015-0068.html
http://rhn.redhat.com/errata/RHSA-2015-0079.html
http://rhn.redhat.com/errata/RHSA-2015-0080.html
http://rhn.redhat.com/errata/RHSA-2015-0085.html
http://rhn.redhat.com/errata/RHSA-2015-0086.html
http://rhn.redhat.com/errata/RHSA-2015-0136.html
http://rhn.redhat.com/errata/RHSA-2015-0264.html
http://www.debian.org/security/2015/dsa-3144
http://www.debian.org/security/2015/dsa-3147	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securityfocus.com/bid/72140
http://www.securitytracker.com/id/1031580
http://www.ubuntu.com/usn/USN-2486-1
http://www.ubuntu.com/usn/USN-2487-1
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/100142
https://security.gentoo.org/glsa/201507-14
https://security.gentoo.org/glsa/201603-14
https://www-304.ibm.com/support/docview.wss?uid=swg21695474
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
http://marc.info/?l=bugtraq&m=142496355704097&w=2
http://marc.info/?l=bugtraq&m=142496355704097&w=2
http://marc.info/?l=bugtraq&m=142607790919348&w=2
http://rhn.redhat.com/errata/RHSA-2015-0068.html
http://rhn.redhat.com/errata/RHSA-2015-0079.html
http://rhn.redhat.com/errata/RHSA-2015-0080.html
http://rhn.redhat.com/errata/RHSA-2015-0085.html
http://rhn.redhat.com/errata/RHSA-2015-0086.html
http://rhn.redhat.com/errata/RHSA-2015-0136.html
http://rhn.redhat.com/errata/RHSA-2015-0264.html
http://www.debian.org/security/2015/dsa-3144
http://www.debian.org/security/2015/dsa-3147	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securityfocus.com/bid/72140
http://www.securitytracker.com/id/1031580
http://www.ubuntu.com/usn/USN-2486-1
http://www.ubuntu.com/usn/USN-2487-1
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/100142
https://security.gentoo.org/glsa/201507-14
https://security.gentoo.org/glsa/201603-14
https://www-304.ibm.com/support/docview.wss?uid=swg21695474

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jdk:1.5.0:update75::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update85::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update72::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update25::::::
	cpe:2.3:a:oracle:jre:1.5.0:update75::::::
	cpe:2.3:a:oracle:jre:1.6.0:update85::::::
	cpe:2.3:a:oracle:jre:1.7.0:update72::::::
	cpe:2.3:a:oracle:jre:1.8.0:update25::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3::::::
	cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

History

21 Nov 2024, 02:23

13 May 2022, 14:57

Type	Values Removed	Values Added
CPE	cpe:2.3:a:oracle:jdk:1.6.0:update_85:::::: cpe:2.3:a:oracle:jre:1.6.0:update_85:::::: cpe:2.3:a:oracle:jre:1.7.0:update_72:::::: cpe:2.3:a:oracle:jre:1.5.0:update_75:::::: cpe:2.3:a:oracle:jre:1.8.0:update_25:::::: cpe:2.3:a:oracle:jdk:1.5.0:update_75::::::	cpe:2.3:a:oracle:jre:1.5.0:update75:::::: cpe:2.3:a:oracle:jdk:1.6.0:update85:::::: cpe:2.3:a:oracle:jre:1.6.0:update85:::::: cpe:2.3:a:oracle:jre:1.8.0:update25:::::: cpe:2.3:a:oracle:jre:1.7.0:update72:::::: cpe:2.3:a:oracle:jdk:1.5.0:update75::::::

Information

Published : 2015-01-21 18:59

Updated : 2024-11-21 02:23

NVD link : CVE-2015-0408

Mitre link : CVE-2015-0408

CVE.ORG link : CVE-2015-0408

JSON object : View

Products Affected

novell

suse_linux_enterprise_desktop
suse_linux_enterprise_server

redhat

enterprise_linux

oracle

canonical

ubuntu_linux

debian

debian_linux

opensuse

opensuse

CWE

NVD-CWE-noinfo

{"id": "CVE-2015-0408", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-21T18:59:48.577", "references": [{"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html", "source": "secalert_us@oracle.com"}, {"url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2", "source": "secalert_us@oracle.com"}, {"url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2", "source": "secalert_us@oracle.com"}, {"url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0136.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.debian.org/security/2015/dsa-3144", "source": "secalert_us@oracle.com"}, {"url": "http://www.debian.org/security/2015/dsa-3147", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/72140", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1031580", "source": "secalert_us@oracle.com"}, {"url": "http://www.ubuntu.com/usn/USN-2486-1", "source": "secalert_us@oracle.com"}, {"url": "http://www.ubuntu.com/usn/USN-2487-1", "source": "secalert_us@oracle.com"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", "source": "secalert_us@oracle.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100142", "source": "secalert_us@oracle.com"}, {"url": "https://security.gentoo.org/glsa/201507-14", "source": "secalert_us@oracle.com"}, {"url": "https://security.gentoo.org/glsa/201603-14", "source": "secalert_us@oracle.com"}, {"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", "source": "secalert_us@oracle.com"}, {"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0136.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2015/dsa-3144", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2015/dsa-3147", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/72140", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1031580", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2486-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2487-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100142", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201507-14", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201603-14", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores relacionados con RMI."}], "lastModified": "2024-11-21T02:23:00.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update75:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C137033-B58D-47A1-B10E-97E161B9DBB9"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update85:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B47EBED9-2DA8-4282-91B8-4F5BE586078B"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update72:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D95925E1-5761-4CDD-80A0-52939ABF52F8"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E87241E0-A296-4CAA-980A-FC572DAEB9F5"}, {"criteria": "cpe:2.3:a:oracle:jre:1.5.0:update75:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B25BDB2-90A1-40EA-B1EE-CF1B731CE919"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update85:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9FE9C93-6AE9-49E7-B908-DF85B21F7247"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update72:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E40DC6EF-6153-403A-BAA0-4425385F92DA"}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A9B64C6-749E-4E98-9ACA-B715A13EA390"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359"}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46AFB60-4775-48A9-81FA-5A54CEDA7625"}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}], "operator": "OR"}]}], "evaluatorComment": "As per Oracle:\n\nApplies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.\n\n\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n\n", "sourceIdentifier": "secalert_us@oracle.com"}

10.0 /10