PT-2015-4518 · IBM+2 · IBM Java 7+8

Published: 2015-05-13 · Updated: 2026-05-27 · CVE-2015-0192

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Java versions prior to 8 SR1
IBM Java 7 R1 versions prior to SR2 FP11
IBM Java 7 versions prior to SR9
IBM Java 6 R1 versions prior to SR8 FP4
IBM Java 6 versions prior to SR16 FP4
IBM Java 5.0 versions prior to SR16 FP10

Description

The issue allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. Additionally, a vulnerability in IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections, facilitating brute-force decryption of TLS/SSL traffic between vulnerable clients and servers using man-in-the-middle techniques. This is also known as the FREAK attack.

Recommendations

For IBM Java 8, update to SR1 or later.
For IBM Java 7 R1, update to SR2 FP11 or later.
For IBM Java 7, update to SR9 or later.
For IBM Java 6 R1, update to SR8 FP4 or later.
For IBM Java 6, update to SR16 FP4 or later.
For IBM Java 5.0, update to SR16 FP10 or later.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2015-0192
RHSA-2015:1006
RHSA-2015:1007
RHSA-2015:1020
RHSA-2015:1021
RHSA-2015:1091
RHSA-2015_1006
RHSA-2015_1020
RHSA-2015_1021
SUSE-SU-2015:1073-1
SUSE-SU-2015:1161-1
SUSE-SU-2015:1375-1
SUSE-SU-2015_1375-1

Affected Products

IBM AIX
IBM Java 5.0
IBM Java 6
IBM Java 6 R1
IBM Java 7
IBM Java 7 R1
IBM Java 8
Red Hat
SUSE