PT-2015-1083 · Oracle+3 · Javafx+5

Published: 2015-04-16 · Updated: 2022-05-13 · CVE-2015-0491

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Java SE versions 5.0u81, 6u91, 7u76, and 8u40
JavaFX version 2.2.76

Description

The issue allows a remote attacker to compromise the confidentiality, integrity, and availability of data using the 2D component. It affects the security of SSL/TLS connections, potentially allowing a remote attacker to downgrade the security of certain connections and facilitate brute-force decryption of TLS/SSL traffic using man-in-the-middle techniques.

Recommendations

For Java SE versions 5.0u81, 6u91, 7u76, and 8u40, update to a version that includes the fix for this issue. For JavaFX version 2.2.76, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the 2D component until a patch is available. Restrict access to SSL/TLS connections to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-09949
CVE-2015-0491
OPENSUSE-SU-2015_0773-1
OPENSUSE-SU-2015_0774-1
RHSA-2015:0854
RHSA-2015:0857
RHSA-2015:0858
RHSA-2015:1006
RHSA-2015:1007
RHSA-2015:1020
RHSA-2015:1021
RHSA-2015:1091
RHSA-2015_0854
RHSA-2015_0857
RHSA-2015_0858
RHSA-2015_1006
RHSA-2015_1020
RHSA-2015_1021
SUSE-SU-2015:0789-1
SUSE-SU-2015:1161-1
SUSE-SU-2015:2166-1
SUSE-SU-2015:2168-1
SUSE-SU-2015:2168-2
SUSE-SU-2015:2182-1
SUSE-SU-2015:2192-1
SUSE-SU-2015:2216-1

Affected Products

IBM AIX
JavaFX
Java Platform
Java SE
Red Hat
SUSE