PT-2015-2501 · Oracle+5 · Jrockit+8
Published
2015-10-21
·
Updated
2024-06-15
·
CVE-2015-4872
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 6u101, 7u85, and 8u60
Java SE Embedded version 8u51
JRockit version R28.3.7
Description
The issue is related to errors in the code of the Security component in Jrockit and Java Platform, allowing a remote attacker to modify data by exploiting the vulnerability with specially crafted data for an API function. The estimated number of potentially affected devices and details about real-world incidents are not provided.
Recommendations
For Oracle Java SE versions 6u101, 7u85, and 8u60, update to a version that contains a fix for this issue.
For Java SE Embedded version 8u51, update to a version that contains a fix for this issue.
For JRockit version R28.3.7, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the
Security component until a patch is available.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Ibm Aix
Jrockit
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu