PT-2015-1091 · IBM+5 · SSL/TLS+7
Published: 2015-04-14 · Updated: 2024-06-15 · CVE-2015-0477
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 5.0u81, 6u91, 7u76, and 8u40
IBM SSL/TLS implementations (affected versions not specified)
Description
The issue affects the integrity of data and is related to the Beans component in Oracle Java SE, allowing remote attackers to exploit it via unknown vectors. Additionally, a vulnerability in IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections using man-in-the-middle techniques, facilitating brute-force decryption of TLS/SSL traffic.
Recommendations
For Oracle Java SE versions 5.0u81, 6u91, 7u76, and 8u40, consider disabling the Beans component as a temporary workaround until a patch is available.
For IBM SSL/TLS implementations, restrict the use of RSA temporary keys in non-export RSA key exchange ciphersuites to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected products
CentOS
IBM AIX
Java Platform
Java SE
Red Hat
SSL/TLS
SUSE
Ubuntu