KLA10447
Multiple vulnerabilities in Java SE
Updated: 06/01/2019
Detect date
?
01/13/2015
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Oracle products. Malicious users can exploit these vulnerabilities to cause loss of integrity, denial of service and obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Vectors relsted to Swing, Hotspot, JAX-WS, Deployment, Serviceability, Libraries, Security, 2D and installation process can be exploited remotely or locally via unspecified vulnerabilities;
  2. Vectors related to OpenSSL can be exploited via a padding oracle attack.
Affected products

Oracle Java SE versions 5u75, 6u85, 7u72 and 8u25
Oracle Java SE Embeded 7u71 and 8u6
JRockit 27.8.4 and 28.3.4

Solution

Update to latest version
Get JRockit
Get Java SE

Original advisories

Oracle advisory

Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

WLF 
[?]

PE 
[?]

LoI 
[?]
CVE-IDS
?
CVE-2015-04005.0Critical
CVE-2015-04131.9Warning
CVE-2015-040810.0Critical
CVE-2015-04075.0Critical
CVE-2015-04127.2High
CVE-2014-660110.0Critical
CVE-2015-04036.9High
CVE-2015-03835.4High
CVE-2014-65934.0Warning
CVE-2015-04379.3Critical
CVE-2014-35664.3Warning
CVE-2014-65852.6Warning
CVE-2015-04216.9High
CVE-2015-04105.0Critical
CVE-2014-65912.6Warning
CVE-2014-654910.0Critical
CVE-2015-03959.3Critical
CVE-2014-65874.3Warning
CVE-2015-04065.8High