PT-2015-3089 · Oracle+4 · Java Se Embedded+6

Published

2015-07-15

Updated

2024-06-15

CVE-2015-2628

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6u95, 7u80, and 8u45 Java SE Embedded versions 7u75 and 8u33

Description The issue is related to errors in the code of the Java Platform and allows remote attackers to affect confidentiality, integrity, and availability through vectors related to CORBA. This can be exploited by a remote attacker to impact the integrity, availability, and confidentiality of information.

Recommendations For Oracle Java SE versions 6u95, 7u80, and 8u45, update to a version that contains a fix for this issue. For Java SE Embedded versions 7u75 and 8u33, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to CORBA-related components until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2016-00294

CESA-2015_1228

CESA-2015_1229

CESA-2015_1526

CVE-2015-2628

DLA-303-1

DSA-3316-1

DSA-3339-1

MGASA-2015-0277

MGASA-2015-0280

OPENSUSE-SU-2015_1288-1

OPENSUSE-SU-2015_1289-1

OPENSUSE-SU-2024:10197-1

OPENSUSE-SU-2024:10534-1

RHSA-2015:1228

RHSA-2015:1229

RHSA-2015:1230

RHSA-2015:1241

RHSA-2015:1242

RHSA-2015:1243

RHSA-2015:1526

RHSA-2015_1228

RHSA-2015_1229

RHSA-2015_1230

RHSA-2015_1241

RHSA-2015_1242

RHSA-2015_1243

RHSA-2015_1526

SUSE-SU-2015:1319-1

SUSE-SU-2015:1320-1

USN-2696-1

USN-2706-1

Affected Products

Centos

Java Platform

Java Se

Java Se Embedded

Red Hat

Suse

Ubuntu

PT-2015-3089 · Oracle+4 · Java Se Embedded+6

CVE-2015-2628

Weakness Enumeration

Related Identifiers

Affected Products

References · 541