PT-2015-2477 · Oracle+3 · Oracle Java Se+4

Publicado

2015-10-21

·

Atualizado

2025-03-13

·

CVE-2015-4902

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6u101, 7u85, and 8u60
Description The issue is related to an unspecified vulnerability in the Deployment component of Oracle Java SE, which can be exploited by remote attackers to affect integrity via unknown vectors. This vulnerability is associated with errors in the code of the Java Platform. Exploitation of the vulnerability may allow a remote attacker to modify data using a Java Web Start application or Java applet.
Recommendations For Oracle Java SE version 6u101, update to a version that fixes the vulnerability. For Oracle Java SE version 7u85, update to a version that fixes the vulnerability. For Oracle Java SE version 8u60, update to a version that fixes the vulnerability. As a temporary workaround, consider restricting the use of the Deployment component until a patch is available.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17CWE-284

Identificadores relacionados

BDU:2015-11842
CVE-2015-4902
OPENSUSE-SU-2015_1905-1
OPENSUSE-SU-2016_0270-1
OPENSUSE-SU-2024:10197-1
RHSA-2015:1926
RHSA-2015:1927
RHSA-2015:1928
RHSA-2015:2506
RHSA-2015:2507
RHSA-2015:2508
RHSA-2015:2509
RHSA-2015:2518
RHSA-2015_1926
RHSA-2015_1927
RHSA-2015_1928
RHSA-2015_2506
RHSA-2015_2508
RHSA-2015_2509
RHSA-2015_2518
RHSA-2016:1430
SUSE-SU-2015:2166-1
SUSE-SU-2015:2168-1
SUSE-SU-2015:2168-2
SUSE-SU-2015:2182-1
SUSE-SU-2015:2192-1
SUSE-SU-2015:2216-1
SUSE-SU-2015:2268-1

Produtos afetados

Ibm Aix
Java Platform
Oracle Java Se
Red Hat
Suse