PT-2015-1081 · Oracle+5 · Java Se+6

Published

2015-04-14

·

Updated

2024-06-15

·

CVE-2015-0469

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Java SE versions 5.0u81, 6u91, 7u76, and 8u40
Description The issue allows a remote attacker to compromise the confidentiality, integrity, and availability of data using the 2D component. It affects the security of SSL/TLS connections, potentially allowing a remote attacker to downgrade the security of certain connections and facilitate brute-force decryption of TLS/SSL traffic using man-in-the-middle techniques.
Recommendations For Java SE version 5.0u81, update to a version that fixes this issue. For Java SE version 6u91, update to a version that fixes this issue. For Java SE version 7u76, update to a version that fixes this issue. For Java SE version 8u40, update to a version that fixes this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2015-09947
CESA-2015_0806
CESA-2015_0808
CESA-2015_0809
CVE-2015-0469
DLA-213-1
DSA-3234-1
DSA-3235-1
DSA-3316-1
MGASA-2015-0158
OPENSUSE-SU-2015_0773-1
OPENSUSE-SU-2015_0774-1
OPENSUSE-SU-2024:10534-1
RHSA-2015:0806
RHSA-2015:0807
RHSA-2015:0808
RHSA-2015:0809
RHSA-2015:0854
RHSA-2015:0857
RHSA-2015:0858
RHSA-2015:1006
RHSA-2015:1007
RHSA-2015:1020
RHSA-2015:1021
RHSA-2015:1091
RHSA-2015_0806
RHSA-2015_0807
RHSA-2015_0808
RHSA-2015_0809
RHSA-2015_0854
RHSA-2015_0857
RHSA-2015_0858
RHSA-2015_1006
RHSA-2015_1020
RHSA-2015_1021
SUSE-SU-2015:0789-1
SUSE-SU-2015:1161-1
SUSE-SU-2015:2166-1
SUSE-SU-2015:2168-1
SUSE-SU-2015:2168-2
SUSE-SU-2015:2182-1
SUSE-SU-2015:2192-1
SUSE-SU-2015:2216-1
USN-2573-1
USN-2574-1

Affected Products

Centos
Ibm Aix
Java Platform
Java Se
Red Hat
Suse
Ubuntu