PT-2015-2551 · Oracle+3 · Java Se+4

Published

2015-10-21

Updated

2024-06-15

CVE-2015-4810

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7u85 through 8u60

Description The issue is related to errors in the code of the Deployment subcomponent of the Java Platform. It may allow a local attacker to execute arbitrary code using a Java Web Start application or a Java applet, potentially affecting confidentiality, integrity, and availability. Additionally, it could enable an attacker with physical access to the system to obtain sensitive information from the Kerberos Credential Cache.

Recommendations For Oracle Java SE version 7u85, update to a version that includes the fix for this issue. For Oracle Java SE version 8u60, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of Java Web Start applications and Java applets until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2015-11916

CVE-2015-4810

OPENSUSE-SU-2015_1905-1

OPENSUSE-SU-2016_0270-1

OPENSUSE-SU-2024:10197-1

RHSA-2015:1926

RHSA-2015:1927

RHSA-2015:2506

RHSA-2015:2507

RHSA-2015:2509

RHSA-2015_1926

RHSA-2015_1927

RHSA-2015_2506

RHSA-2015_2509

RHSA-2016:1430

SUSE-SU-2015:2166-1

SUSE-SU-2015:2168-1

SUSE-SU-2015:2168-2

SUSE-SU-2015:2182-1

SUSE-SU-2015:2192-1

SUSE-SU-2015:2216-1

SUSE-SU-2015:2268-1

Affected Products

Ibm Aix

Java Platform

Java Se

Red Hat

Suse

PT-2015-2551 · Oracle+3 · Java Se+4

CVE-2015-4810

Weakness Enumeration

Related Identifiers

Affected Products

References · 240