Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
SecurityTracker Alert ID:  1032120
SecurityTracker URL:  http://securitytracker.com/id/1032120
CVE Reference:   CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492
Date:  Apr 14 2015
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Java SE 5.0u81, 6u91, 7u76, 8u40; Java FX 2.2.76
Description:   Multiple vulnerabilities were reported in Oracle Java. A remote user can take full control of the target system. A remote user can cause denial of service conditions on the target system.

A remote user can exploit a flaw in the Java SE 2D component to gain elevated privileges [CVE-2015-0469].

A remote user can exploit a flaw in the Java SE and JavaFX 2D component to gain elevated privileges [CVE-2015-0459].

A remote user can exploit a flaw in the Java SE and JavaFX 2D component to gain elevated privileges [CVE-2015-0491].

A remote user can exploit a flaw in the Java SE Hotspot component to gain elevated privileges [CVE-2015-0460].

A remote user can exploit a flaw in Java SE and JavaFX to gain elevated privileges [CVE-2015-0492].

A remote user can exploit a flaw in the Java SE Deployment component to gain elevated privileges [CVE-2015-0458].

A remote user can exploit a flaw in Java SE and JavaFX to partially access data, partially modify data, and partially deny service [CVE-2015-0484].

A remote user can exploit a flaw in the Java SE Tools component to partially modify data and cause partial denial of service conditions [CVE-2015-0480].

A remote user can exploit a flaw in the Java SE Deployment component to partially access data [CVE-2015-0486].

A remote user can exploit a flaw in the Java SE and JRockit JSSE component to cause partial denial of service conditions [CVE-2015-0488].

A remote user can exploit a flaw in the Java SE Beans component to partially modify data [CVE-2015-0477].

A remote user can exploit a flaw in the Java SE Hotspot component to partially modify data [CVE-2015-0470].

A remote user can exploit a flaw in the Java SE and JRockit JCE component to partially access data [CVE-2015-0478].

The following researchers reported these and other Oracle product vulnerabilities:

An Anonymous Reporter working at HTL Leonding; Brandon Vincent; Christopher E. Walter; Daniel Ekberg of Swedish Public Employment Service; David Litchfield of Datacom TSS; Dmitry Janushkevich of Secunia Research; Florian Weimer of Red Hat;
Francis Provencher of Protek Research Lab; Jihui Lu of KeenTeam; Lupin LanYuShi; Mark Litchfield of Securatary; Markus Millbourn of Digifort; Martin Carpenter of Citco; Mateusz Jurczyk of Google Project Zero; Michael Miller of Integrigy;
Moshe Zioni of Comsec Consulting; Ofer Maor formerly of Hacktics; Paul M. Wright; Robbe De Keyzer of The Security Factory; Roberto Soares of Conviso Application Security; Sajith Shetty; Sasha Raljic; Shai Rod of Avnet Information Security;
Steven Seeley of HP's Zero Day Initiative; Tudor Enache of Help AG; Vishal V. Sonar of Control Case International Pvt Ltd.; and Wouter Coekaerts.

Impact:   A remote user can take full control of the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix as part of Oracle Critical Patch Update Advisory - April 2015.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 15 2015 (Red Hat Issues Fix) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
Red Hat has issued a fix for java-openjdk for Red Hat Enterprise Linux 5, 6, and 7.
Apr 20 2015 (Red Hat Issues Fix) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
Red Hat has issued a fix for java-1.7.0-oracle.
Apr 20 2015 (Red Hat Issues Fix) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
Red Hat has issued a fix for java-1.6.0-sun.
May 13 2015 (Red Hat Issues Fix) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
Red Hat has issued a fix for java-1.6.0-ibm and java-1.7.0-ibm for Red Hat Enterprise Linux 5 and 6.
May 21 2015 (Red Hat Issues Fix) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
Red Hat has issued a fix for java-1.7.1-ibm for Red Hat Enterprise Linux 6 and 7.
May 21 2015 (Red Hat Issues Fix) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
Red Hat has issued a fix for java-1.5.0-ibm for Red Hat Enterprise Linux 5 and 6.
Jun 4 2015 (IBM Issues Fix for IBM AIX) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
IBM has issued a fix for IBM JDK on IBM AIX 5.3, 6.1, and 7.1.
Jul 7 2015 (IBM Issues Fix for IBM Cognos Metrics Manager) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
IBM has issued a fix for IBM Cognos Metrics Manager.
Jul 10 2015 (IBM Issues Fix for IBM SPSS Modeler) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
IBM has issued a fix for IBM SPSS Modeler.
Jul 11 2015 (IBM Issues Fix for IBM Infosphere Optim) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
IBM has issued a fix for IBM Infosphere Optim.
Jul 11 2015 (IBM Issues Fix for IBM Tivoli Netcool/OMNIbus) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
IBM has issued a fix for IBM Tivoli Netcool/OMNIbus.
Jul 22 2015 (IBM Issues Fix for IBM Security Network Protection) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
IBM has issued a fix for IBM Security Network Protection.
Jul 25 2015 (IBM Issues Fix for IBM Tivoli Provisioning Manager) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
IBM has issued a fix for IBM Tivoli Provisioning Manager.
Aug 27 2015 (IBM Issues Fix for IBM FileNet Content Manager) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
IBM has issued a fix for IBM FileNet Content Manager 5.1.0, 5.2.0, and 5.2.1.
Sep 15 2015 (IBM Issues Fix for IBM Sametime) Oracle Java Multiple Flaws Let Remote Users Deny Service and Gain Full Control of the Target System
IBM has issued a fix for IBM Sametime Community Server.




Copyright 2019, SecurityGlobal.net LLC