PT-2015-2493 · Oracle+4 · Java Se Embedded+6

Published

2015-10-21

Updated

2024-06-15

CVE-2015-4881

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6u101, 7u85, and 8u60 Oracle Java SE Embedded version 8u51

Description The issue is related to errors in the CORBA subcomponent code of the Java Platform. It may allow a remote attacker to execute arbitrary code using a Java Web Start application or a Java applet. The vulnerability can affect confidentiality, integrity, and availability via vectors related to CORBA.

Recommendations For Oracle Java SE versions 6u101, 7u85, and 8u60, update to a version that includes the fix for this issue. For Oracle Java SE Embedded version 8u51, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of Java Web Start applications and Java applets until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2015-11858

CESA-2015_1919

CESA-2015_1920

CESA-2015_2086

CVE-2015-4881

DLA-346-1

DSA-3381-1

DSA-3381-2

DSA-3465-1

MGASA-2015-0412

OPENSUSE-SU-2015_1902-1

OPENSUSE-SU-2015_1905-1

OPENSUSE-SU-2015_1906-1

OPENSUSE-SU-2015_1971-1

OPENSUSE-SU-2016_0270-1

OPENSUSE-SU-2024:10197-1

OPENSUSE-SU-2024:10534-1

RHSA-2015:1919

RHSA-2015:1920

RHSA-2015:1921

RHSA-2015:1926

RHSA-2015:1927

RHSA-2015:1928

RHSA-2015:2086

RHSA-2015_1919

RHSA-2015_1920

RHSA-2015_1921

RHSA-2015_1926

RHSA-2015_1927

RHSA-2015_1928

RHSA-2015_2086

SUSE-SU-2015:1874-1

SUSE-SU-2015:1874-2

SUSE-SU-2015:1875-1

SUSE-SU-2015:1875-2

USN-2784-1

USN-2827-1

Affected Products

Centos

Java Platform

Java Se

Java Se Embedded

Red Hat

Suse

Ubuntu

PT-2015-2493 · Oracle+4 · Java Se Embedded+6

CVE-2015-4881

Weakness Enumeration

Related Identifiers

Affected Products

References · 560