PT-2015-4620 · Oracle+6 · Java Se+7

Published

2015-01-20

Updated

2024-06-15

CVE-2015-0412

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6u85, 7u72, and 8u25

Description The issue allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the JAX-WS component. This can be exploited by remote attackers to compromise data.

Recommendations For Oracle Java SE version 6u85, update to a version that is not affected by this issue. For Oracle Java SE version 7u72, update to a version that is not affected by this issue. For Oracle Java SE version 8u25, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the JAX-WS component until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CESA-2015_0067

CESA-2015_0069

CESA-2015_0085

CVE-2015-0412

DLA-157-1

DSA-3144-1

DSA-3147-1

HPSBUX03273

HPSBUX03281

MGASA-2015-0037

OPENSUSE-SU-2015_0190-1

OPENSUSE-SU-2024:10534-1

RHSA-2015:0067

RHSA-2015:0068

RHSA-2015:0069

RHSA-2015:0079

RHSA-2015:0080

RHSA-2015:0085

RHSA-2015:0086

RHSA-2015:0133

RHSA-2015:0134

RHSA-2015:0135

RHSA-2015:0263

RHSA-2015:0264

RHSA-2015_0067

RHSA-2015_0068

RHSA-2015_0069

RHSA-2015_0079

RHSA-2015_0080

RHSA-2015_0085

RHSA-2015_0086

RHSA-2015_0133

RHSA-2015_0135

SUSE-SU-2015:0503-1

USN-2486-1

USN-2487-1

Affected Products

Centos

Hp-Ux

Ibm Aix

Java Platform

Java Se

Red Hat

Suse

Ubuntu

PT-2015-4620 · Oracle+6 · Java Se+7

CVE-2015-0412

Related Identifiers

Affected Products

References · 470