
CVE-2015-2601

Published: 16/07/2015 Updated: 13/05/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote malicious users to affect confidentiality via vectors related to JCE.

Vulnerable Product

oracle jrockit r28.3.6

oracle jdk 1.8.0

oracle jre 1.7.0

oracle jre 1.6.0

oracle jre 1.8.0

oracle jdk 1.7.0

oracle jdk 1.6.0

Vendor Advisories

Several security issues were fixed in OpenJDK 6 ...
Several security issues were fixed in OpenJDK 7 ...
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography. For the oldstable distribution (wheezy), these problems have been fixed in version 6b36-1138-1~deb7 ...
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography. For the oldstable distribution (wheezy), these problems have been fixed in version 7u79-256-1~deb7u ...
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons ...
Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733). A flaw was found in the way the Libraries component of OpenJDK ve ...

Recent Articles

Juniper patches Logjam, Bar Mitzvah, and various Java vulns
The Register • Richard Chirgwin • 26 Apr 2016

In Junos Space, nobody can hear you patch

Juniper Networks sysadmins can add Junos Space network management patches to their to-do list. The gin palace says “any product or platform running Junos Space before 15.2R1” has the privilege escalation vulnerabilities, adding that “Attack vectors include: cross site request forgeries (CSRF), default authentication credentials, information leak and command injection”. The remotely-exploitable bugs, turned up by the company's internal code review, include six vectors inherited from Oracl...

References

NVD-CWE-noinfo
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/75867
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
https://security.gentoo.org/glsa/201603-11
https://security.gentoo.org/glsa/201603-14
https://kc.mcafee.com/corporate/index?page=content&id=SB10139
http://www.ubuntu.com/usn/USN-2706-1
http://www.ubuntu.com/usn/USN-2696-1
http://www.debian.org/security/2015/dsa-3339
http://rhn.redhat.com/errata/RHSA-2015-1526.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
http://www.securitytracker.com/id/1037732
http://www.securitytracker.com/id/1032910
http://www.debian.org/security/2015/dsa-3316
http://rhn.redhat.com/errata/RHSA-2015-1604.html
http://rhn.redhat.com/errata/RHSA-2015-1544.html
http://rhn.redhat.com/errata/RHSA-2015-1488.html
http://rhn.redhat.com/errata/RHSA-2015-1486.html
http://rhn.redhat.com/errata/RHSA-2015-1485.html
http://rhn.redhat.com/errata/RHSA-2015-1243.html
http://rhn.redhat.com/errata/RHSA-2015-1242.html
http://rhn.redhat.com/errata/RHSA-2015-1241.html
http://rhn.redhat.com/errata/RHSA-2015-1230.html
http://rhn.redhat.com/errata/RHSA-2015-1229.html
http://rhn.redhat.com/errata/RHSA-2015-1228.html
https://nvd.nist.gov
https://usn.ubuntu.com/2706-1/
https://access.redhat.com/security/cve/cve-2015-2601