PT-2015-1667 · Oracle+5 · Jrockit+9

Publicado

2015-07-15

·

Atualizado

2024-06-15

·

CVE-2015-2625

CVSS v2.0

2.6

Baixa

VetorAV:N/AC:H/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 6u95, 7u80, and 8u45 JRockit version R28.3.6 Java SE Embedded versions 7u75 and 8u33
Description The issue is related to errors in the code of the JSSE component in Java Platform and JRockit. It may allow a remote attacker to compromise the confidentiality of information. The vulnerability can be exploited by remote attackers via vectors related to JSSE.
Recommendations For Java SE versions 6u95, 7u80, and 8u45, update to a version that contains a fix for this issue. For JRockit version R28.3.6, update to a version that contains a fix for this issue. For Java SE Embedded versions 7u75 and 8u33, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to JSSE components until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17

Identificadores relacionados

BDU:2015-11013
CESA-2015_1228
CESA-2015_1229
CESA-2015_1526
CVE-2015-2625
DLA-303-1
DSA-3316-1
DSA-3339-1
MGASA-2015-0277
MGASA-2015-0280
OPENSUSE-SU-2015_1288-1
OPENSUSE-SU-2015_1289-1
OPENSUSE-SU-2024:10197-1
OPENSUSE-SU-2024:10534-1
RHSA-2015:1228
RHSA-2015:1229
RHSA-2015:1230
RHSA-2015:1241
RHSA-2015:1242
RHSA-2015:1243
RHSA-2015:1485
RHSA-2015:1486
RHSA-2015:1488
RHSA-2015:1526
RHSA-2015:1604
RHSA-2015_1228
RHSA-2015_1229
RHSA-2015_1230
RHSA-2015_1241
RHSA-2015_1242
RHSA-2015_1243
RHSA-2015_1485
RHSA-2015_1486
RHSA-2015_1526
SUSE-SU-2015:1319-1
SUSE-SU-2015:1320-1
SUSE-SU-2015:1329-1
SUSE-SU-2015:1331-1
SUSE-SU-2015:1345-1
SUSE-SU-2015:1375-1
SUSE-SU-2015:1509-1
SUSE-SU-2015:2166-1
SUSE-SU-2015:2192-1
USN-2696-1
USN-2706-1

Produtos afetados

Centos
Ibm Aix
Jrockit
Jsse
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu