CVE-2015-2590

Description

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

CVSS Metrics

• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
• v2.0•HIGH•Score: 10AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 66.62%• Percentile: 99%

Affected Systems

• canonical•ubuntu_linux

  12.04 | 14.04 | 15.04

• debian•debian_linux

  7.0 | 8.0

• opensuse•opensuse

  13.1 | 13.2

• oracle•jdk

  1.8.0:update_33 | 1.6.0:update95 | 1.7.0:update75 | 1.7.0:update80 | 1.8.0:update33 | 1.8.0:update45

• oracle•jre

  1.6.0:update_95 | 1.7.0:update_75 | 1.7.0:update_80 | 1.8.0:update_33 | 1.8.0:update_45 | 1.6.0:update95 | 1.7.0:update75 | 1.7.0:update80 | 1.8.0:update33 | 1.8.0:update45

• redhat•enterprise_linux_desktop

  5.0 | 6.0 | 7.0

• redhat•enterprise_linux_eus

  6.6 | 6.7 | 7.1 | 7.2 | 7.3 | 7.4 | 7.5

• redhat•enterprise_linux_for_ibm_z_systems

  6.0_s390x

• redhat•enterprise_linux_for_ibm_z_systems_eus

  6.7_s390x | 7.1_s390x | 7.2_s390x | 7.3_s390x | 7.4_s390x | 7.5_s390x

• redhat•enterprise_linux_for_power_big_endian

  6.0_ppc64 | 7.0_ppc64

• redhat•enterprise_linux_for_power_big_endian_eus

  6.7_ppc64 | 7.1_ppc64 | 7.2_ppc64 | 7.3_ppc64 | 7.4_ppc64 | 7.5_ppc64

• redhat•enterprise_linux_for_power_little_endian

  7.0_ppc64le

• redhat•enterprise_linux_for_power_little_endian_eus

  7.1_ppc64le | 7.2_ppc64le | 7.3_ppc64le | 7.4_ppc64le | 7.5_ppc64le

• redhat•enterprise_linux_server

  5.0 | 6.0 | 7.0

• redhat•enterprise_linux_server_aus

  6.6 | 7.3 | 7.4 | 7.6 | 7.7

• redhat•enterprise_linux_server_tus

  6.6 | 7.3 | 7.6 | 7.7

• redhat•enterprise_linux_workstation

  5.0 | 6.0 | 7.0

• redhat•satellite

  5.6 | 5.7

• suse•linux_enterprise_debuginfo

  11:sp3 | 11:sp4

• suse•linux_enterprise_desktop

  11:sp3 | 11:sp4 | 12

• suse•linux_enterprise_server

  12

References (26)

• http://rhn.redhat.com/errata/RHSA-2015-1243.html
• http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
• http://www.securityfocus.com/bid/75818
• http://rhn.redhat.com/errata/RHSA-2015-1229.html
• http://www.securitytracker.com/id/1032910
• http://www.ubuntu.com/usn/USN-2706-1
• http://rhn.redhat.com/errata/RHSA-2015-1526.html
• http://rhn.redhat.com/errata/RHSA-2015-1485.html
• http://rhn.redhat.com/errata/RHSA-2015-1544.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
• http://rhn.redhat.com/errata/RHSA-2015-1228.html
• http://www.debian.org/security/2015/dsa-3316
• https://security.gentoo.org/glsa/201603-11
• http://rhn.redhat.com/errata/RHSA-2015-1486.html
• https://security.gentoo.org/glsa/201603-14
• http://www.ubuntu.com/usn/USN-2696-1
• http://www.debian.org/security/2015/dsa-3339
• http://rhn.redhat.com/errata/RHSA-2015-1242.html
• http://rhn.redhat.com/errata/RHSA-2015-1488.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
• http://rhn.redhat.com/errata/RHSA-2015-1241.html
• http://rhn.redhat.com/errata/RHSA-2015-1230.html
• http://rhn.redhat.com/errata/RHSA-2015-1604.html
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2590