CVE-2015-0492 - Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attacker

CVE-2015-0492

Summary

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484.

References

Vulnerable Configurations

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:javafx:2.2.76:*:*:*:*:*:*:*
cpe:2.3:a:oracle:javafx:2.2.76:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update76:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update76:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update81:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update81:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update76:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update76:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update40:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

redhat via4

advisories

bugzilla

id	1211774
title	CVE-2015-0486 Oracle JDK: unspecified vulnerability fixed in 8u45 (Deployment)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.8.0-oracle is earlier than 1:1.8.0.45-1jpp.2.el6_6
oval oval:com.redhat.rhsa:tst:20150854001
comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080002

AND

comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.45-1jpp.2.el6_6
oval oval:com.redhat.rhsa:tst:20150854003
comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080004

AND

comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.45-1jpp.2.el6_6
oval oval:com.redhat.rhsa:tst:20150854005
comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080006

AND

comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.45-1jpp.2.el6_6
oval oval:com.redhat.rhsa:tst:20150854007
comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080008

AND

comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.45-1jpp.2.el6_6
oval oval:com.redhat.rhsa:tst:20150854009
comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080010

AND

comment java-1.8.0-oracle-src is earlier than 1:1.8.0.45-1jpp.2.el6_6
oval oval:com.redhat.rhsa:tst:20150854011
comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080012

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.8.0-oracle is earlier than 1:1.8.0.45-1jpp.2.el7_1
oval oval:com.redhat.rhsa:tst:20150854014
comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080002

AND

comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.45-1jpp.2.el7_1
oval oval:com.redhat.rhsa:tst:20150854015
comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080004

AND

comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.45-1jpp.2.el7_1
oval oval:com.redhat.rhsa:tst:20150854016
comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080006

AND

comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.45-1jpp.2.el7_1
oval oval:com.redhat.rhsa:tst:20150854017
comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080008

AND

comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.45-1jpp.2.el7_1
oval oval:com.redhat.rhsa:tst:20150854018
comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080010

AND

comment java-1.8.0-oracle-src is earlier than 1:1.8.0.45-1jpp.2.el7_1
oval oval:com.redhat.rhsa:tst:20150854019
comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080012

rhsa

id	RHSA-2015:0854
released	2015-04-17
severity	Critical
title	RHSA-2015:0854: java-1.8.0-oracle security update (Critical)

bugzilla

id	1211773
title	CVE-2015-0484 Oracle JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.79-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20150857001
comment java-1.7.0-oracle is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413002

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.79-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20150857003
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413004

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.79-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20150857005
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413006

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.79-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20150857007
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413008

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.79-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20150857009
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413010

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.79-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20150857011
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413012

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.79-1jpp.1.el6_6
oval oval:com.redhat.rhsa:tst:20150857014
comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413015

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.79-1jpp.1.el6_6
oval oval:com.redhat.rhsa:tst:20150857016
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413017

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.79-1jpp.1.el6_6
oval oval:com.redhat.rhsa:tst:20150857018
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413019

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.79-1jpp.1.el6_6
oval oval:com.redhat.rhsa:tst:20150857020
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413021

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.79-1jpp.1.el6_6
oval oval:com.redhat.rhsa:tst:20150857022
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413023

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.79-1jpp.1.el6_6
oval oval:com.redhat.rhsa:tst:20150857024
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413025

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.79-1jpp.1.el7_1
oval oval:com.redhat.rhsa:tst:20150857027
comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413015

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.79-1jpp.1.el7_1
oval oval:com.redhat.rhsa:tst:20150857028
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413017

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.79-1jpp.1.el7_1
oval oval:com.redhat.rhsa:tst:20150857029
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413019

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.79-1jpp.1.el7_1
oval oval:com.redhat.rhsa:tst:20150857030
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413021

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.79-1jpp.1.el7_1
oval oval:com.redhat.rhsa:tst:20150857031
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413023

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.79-1jpp.1.el7_1
oval oval:com.redhat.rhsa:tst:20150857032
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413025

rhsa

id	RHSA-2015:0857
released	2015-04-20
severity	Critical
title	RHSA-2015:0857: java-1.7.0-oracle security update (Critical)

rpms

java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1
java-1.8.0-oracle-devel-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-devel-1:1.8.0.45-1jpp.2.el7_1
java-1.8.0-oracle-javafx-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-javafx-1:1.8.0.45-1jpp.2.el7_1
java-1.8.0-oracle-jdbc-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-jdbc-1:1.8.0.45-1jpp.2.el7_1
java-1.8.0-oracle-plugin-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-plugin-1:1.8.0.45-1jpp.2.el7_1
java-1.8.0-oracle-src-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-src-1:1.8.0.45-1jpp.2.el7_1
java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el7_1
java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el7_1
java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el7_1
java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el7_1
java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el7_1
java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el7_1

refmap via4

bid	74129
confirm	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
gentoo	GLSA-201603-11
sectrack	1032120
suse	SUSE-SU-2015:0833 openSUSE-SU-2015:0773 openSUSE-SU-2015:0774

Last major update

13-05-2022 - 14:57

Published

16-04-2015 - 16:59

Last modified

13-05-2022 - 14:57