Published: 16/07/2015 Updated: 22/09/2017

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0457.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle database server 12.1.0.1
oracle database server 12.1.0.2
oracle database server 11.1.0.7
oracle database server 11.2.0.3
oracle database server 11.2.0.4

Oracle slings 193 patches, nixes exploited Java zero day

The Register • Darren Pauli • 16 Jul 2015

Unauthenticated remote code execution among grizzly vulns.

Oracle has poured cold coffee on a recent Java zero-day that's already under active attack, with just one of the critical patches it's released to address 193 holes in its sprawling product suite. The zero day is the most urgent fix of the lot and of the two dozen other Java patches present among Big Red's quarterly patch release. Trend Micro researchers Brooks Li and Feike Hacquebord reported the flaw 13 July noting it is being attacked as part of the sophisticated 'Operation PawnStorm' hacking...

CVE-2015-2629

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect