KLA10447
Multiple vulnerabilities in Java SE

Обновлено: 18/06/2020
Дата обнаружения
13/01/2015
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Oracle products. Malicious users can exploit these vulnerabilities to cause loss of integrity, denial of service and obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Vectors relsted to Swing, Hotspot, JAX-WS, Deployment, Serviceability, Libraries, Security, 2D and installation process can be exploited remotely or locally via unspecified vulnerabilities;
  2. Vectors related to OpenSSL can be exploited via a padding oracle attack.
Пораженные продукты

Oracle Java SE versions 5u75, 6u85, 7u72 and 8u25
Oracle Java SE Embeded 7u71 and 8u6
JRockit 27.8.4 and 28.3.4

Решение

Update to latest version
Get JRockit
Get Java SE

Первичный источник обнаружения
Oracle advisory
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

WLF 
[?]

PE 
[?]

LoI 
[?]
Связанные продукты
Oracle Java JRE 1.7.x
Oracle Java JDK 1.7.x
Oracle Java JDK 1.8.x
Oracle Java JRE 1.8.x
Oracle JRockit
CVE-IDS
CVE-2015-04005.0Critical
CVE-2015-04131.9Warning
CVE-2015-04075.0Critical
CVE-2015-04127.2High
CVE-2015-04036.9High
CVE-2015-03835.4High
CVE-2014-65934.0Warning
CVE-2015-04379.3Critical
CVE-2014-35664.3Warning
CVE-2014-65852.6Warning
CVE-2015-04216.9High
CVE-2015-04105.0Critical
CVE-2014-65912.6Warning
CVE-2015-03959.3Critical
CVE-2014-65874.3Warning
CVE-2015-04065.8High
Эксплуатация

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/38641

Узнай статистику распространения уязвимостей в твоем регионе