PT-2015-2527 · Oracle+5 · Java Se Embedded+7
Published
2015-10-21
·
Updated
2024-06-15
·
CVE-2015-4842
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 6u101, 7u85, and 8u60
Java SE Embedded version 8u51
Description
The issue allows remote attackers to affect confidentiality via vectors related to JAXP. It is associated with errors in the code of the JAXP subcomponent of the Java Platform. Exploitation of the issue may allow a remote attacker to gain read access to protected information using a Java Web Start application or a Java applet.
Recommendations
For Oracle Java SE versions 6u101, 7u85, and 8u60, update to a version that includes the fix for this issue.
For Java SE Embedded version 8u51, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of JAXP in your applications until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Ibm Aix
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu