PT-2015-1088 · Oracle · Oracle Java SE
Alexander Cherepanov · Published 2015-04-14 · Updated 2024-06-15
CVE-2015-0480
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 5.0u81, 6u91, 7u76, and 8u40
IBM SSL/TLS implementations (affected versions not specified)
Description
The issue allows remote attackers to affect the integrity and availability of data. It is related to the Tools component in Oracle Java SE. Additionally, a vulnerability in IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections, facilitating brute-force decryption of TLS/SSL traffic using man-in-the-middle techniques.
Recommendations
For Oracle Java SE versions 5.0u81, 6u91, 7u76, and 8u40, update to a version that addresses the issue in the Tools component.
For IBM SSL/TLS implementations, restrict the use of RSA temporary keys in non-export RSA key exchange ciphersuites to prevent SSL/TLS connection downgrades.
As a temporary workaround, consider disabling the use of RSA temporary keys in RSA key exchange ciphersuites until a patch is available.
Affected Products
CentOS
IBM AIX
IBM SSL/TLS
Java Platform
Oracle Java SE
Red Hat
SUSE
Ubuntu