PT-2015-1083 · Oracle+3 · Javafx+5

Publicado

2015-04-16

Atualizado

2022-05-13

CVE-2015-0491

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Java SE versions 5.0u81, 6u91, 7u76, and 8u40 Java FX version 2.2.76

Description The issue allows a remote attacker to compromise the confidentiality, integrity, and availability of data using the 2D component. It affects the security of SSL/TLS connections, potentially allowing a remote attacker to downgrade the security of certain connections and facilitate brute-force decryption of TLS/SSL traffic using man-in-the-middle techniques.

Recommendations For Java SE versions 5.0u81, 6u91, 7u76, and 8u40, update to a version that includes the fix for this issue. For Java FX version 2.2.76, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the 2D component until a patch is available. Restrict access to SSL/TLS connections to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17

Identificadores relacionados

BDU:2015-09949

CVE-2015-0491

OPENSUSE-SU-2015_0773-1

OPENSUSE-SU-2015_0774-1

RHSA-2015:0854

RHSA-2015:0857

RHSA-2015:0858

RHSA-2015:1006

RHSA-2015:1007

RHSA-2015:1020

RHSA-2015:1021

RHSA-2015:1091

RHSA-2015_0854

RHSA-2015_0857

RHSA-2015_0858

RHSA-2015_1006

RHSA-2015_1020

RHSA-2015_1021

SUSE-SU-2015:0789-1

SUSE-SU-2015:1161-1

SUSE-SU-2015:2166-1

SUSE-SU-2015:2168-1

SUSE-SU-2015:2168-2

SUSE-SU-2015:2182-1

SUSE-SU-2015:2192-1

SUSE-SU-2015:2216-1

Produtos afetados

Ibm Aix

Javafx

Java Platform

Java Se

Red Hat

Suse

PT-2015-1083 · Oracle+3 · Javafx+5

CVE-2015-0491

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 148