PT-2015-1086 · Oracle+3 · Oracle Java Se+5

Published

2015-04-16

·

Updated

2022-05-13

·

CVE-2015-0458

CVSS v2.0

7.6

High

VectorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6u91, 7u76, and 8u40
Description The issue affects confidentiality, integrity, and availability via unknown vectors related to the Deployment component. It allows remote attackers to exploit the vulnerability. There is also a vulnerability in various IBM SSL/TLS implementations that could allow a remote attacker to downgrade the security of certain SSL/TLS connections, facilitating brute-force decryption of TLS/SSL traffic between vulnerable clients and servers, known as the FREAK attack.
Recommendations For Oracle Java SE version 6u91, update to a version that fixes the issue. For Oracle Java SE version 7u76, update to a version that fixes the issue. For Oracle Java SE version 8u40, update to a version that fixes the issue. As a temporary workaround, consider restricting access to the Deployment component until a patch is available. Avoid using RSA temporary keys in non-export RSA key exchange ciphersuites to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2015-09952
CVE-2015-0458
OPENSUSE-SU-2015_0773-1
OPENSUSE-SU-2015_0774-1
RHSA-2015:0854
RHSA-2015:0857
RHSA-2015:0858
RHSA-2015:1006
RHSA-2015:1007
RHSA-2015:1020
RHSA-2015:1091
RHSA-2015_0854
RHSA-2015_0857
RHSA-2015_0858
RHSA-2015_1006
RHSA-2015_1020
SUSE-SU-2015:0789-1
SUSE-SU-2015:1161-1
SUSE-SU-2015:2166-1
SUSE-SU-2015:2168-1
SUSE-SU-2015:2168-2
SUSE-SU-2015:2182-1
SUSE-SU-2015:2192-1
SUSE-SU-2015:2216-1
SUSE-SU-2015_0789-1
SUSE-SU-2015_0833-1

Affected Products

Ibm Aix
Ibm Ssl/Tls
Java Platform
Oracle Java Se
Red Hat
Suse