Vulnerability CVE-2015-0492

Vulnerability Name:

CVE-2015-0492 (CCN-102331)

Assigned:

2014-12-17

Published:

2015-04-14

Updated:

2022-05-13

Summary:

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2015-0492

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:0773

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:0774

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:0833

Source: REDHAT
Type: UNKNOWN
RHSA-2015:0854

Source: REDHAT
Type: UNKNOWN
RHSA-2015:0857

Source: CCN
Type: Oracle Critical Patch Update - April 2015
Oracle Critical Patch Update - April 2015

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Source: BID
Type: UNKNOWN
74129

Source: CCN
Type: BID-74129
Oracle Java SE CVE-2015-0492 Remote Security Vulnerability

Source: SECTRACK
Type: UNKNOWN
1032120

Source: XF
Type: UNKNOWN
oracle-cpuapr2015-cve20150492(102331)

Source: GENTOO
Type: UNKNOWN
GLSA-201603-11

Vulnerable Configuration:

Configuration 1:

cpe:/o:opensuse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:oracle:javafx:2.2.76:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.6.0:update91:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update76:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.5.0:update81:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.6.0:update91:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update76:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.8.0:update40:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras_oracle_java:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras_oracle_java:7:*:*:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:rhel_extras_oracle_java:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:javafx:2.2.76:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20150492	V	CVE-2015-0492	2022-09-02
oval:org.opensuse.security:def:11506	P	coolkey-1.1.0-147.71 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11442	P	ppp-2.4.7-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12144	P	hplip-3.16.11-1.33 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12166	P	libX11-6-1.6.2-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11261	P	MozillaFirefox-31.1.0esr-1.20 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11308	P	gdm-3.10.0.1-13.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11323	P	ibus-chewing-1.4.10.1-2.25 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11484	P	xorg-x11-server-7.6_1.15.2-12.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11342	P	libXp6-1.0.2-3.58 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11493	P	alsa-1.0.27.2-11.10 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11417	P	libyaml-0-2-0.1.6-1.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11215	P	Security update for jhead (Moderate)	2021-05-19
oval:org.opensuse.security:def:19512	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:11185	P	Security update for chromium (Important)	2021-03-19
oval:org.opensuse.security:def:11193	P	Security update for chromium (Important)	2021-01-11
oval:org.opensuse.security:def:53027	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:40056	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:18812	P	Security update for netpbm (Moderate)	2020-12-01
oval:org.opensuse.security:def:52626	P	Security update for java-1_8_0-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:18609	P	Security update for fuse (Moderate)	2020-12-01
oval:org.opensuse.security:def:41680	P	Security update for java-1_7_0-openjdk, java-1_7_0-openjdk-bootstrap (Moderate)	2020-12-01
oval:org.opensuse.security:def:53200	P	Security update for 389-ds (Important)	2020-12-01
oval:org.opensuse.security:def:40148	P	Security update for Linux Kernel Live Patch 10 for SLE 12 SP1 (Important)	2020-12-01
oval:org.opensuse.security:def:18824	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:53957	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18721	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:53306	P	Security update for mariadb-connector-c (Important)	2020-12-01
oval:org.opensuse.security:def:40300	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18848	P	Security update for openwsman (Important)	2020-12-01
oval:org.opensuse.security:def:54031	P	libipa_hbac0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:40044	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:18754	P	Security update for bash (Moderate)	2020-12-01
oval:org.opensuse.security:def:53472	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:40409	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:19486	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:54069	P	libtag1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18358	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:40872	P	Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:53757	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:40478	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:54150	P	DirectFB on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18393	P	Security update for ncurses (Moderate)	2020-12-01
oval:org.opensuse.security:def:40917	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:52627	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53865	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:40580	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:55426	P	yubikey-manager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18479	P	Security update for opensaml (Important)	2020-12-01
oval:org.opensuse.security:def:40946	P	Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:52649	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:18350	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:40756	P	Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:55500	P	Security update for java-1_7_0-openjdk, java-1_7_0-openjdk-bootstrap (Moderate)	2020-12-01
oval:org.opensuse.security:def:18537	P	Security update for gdk-pixbuf (Moderate)	2020-12-01
oval:org.opensuse.security:def:40997	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:52789	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:40045	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:40820	P	Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:18571	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:41635	P	Security update for wget (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20150854	P	RHSA-2015:0854: java-1.8.0-oracle security update (Critical)	2017-12-15
oval:com.redhat.rhsa:def:20150857	P	RHSA-2015:0857: java-1.7.0-oracle security update (Critical)	2017-12-15
oval:org.opensuse.security:def:78134	P	Security update for java-1_7_0-openjdk, java-1_7_0-openjdk-bootstrap (Moderate)	2015-04-23
oval:com.ubuntu.precise:def:20150492000	V	CVE-2015-0492 on Ubuntu 12.04 LTS (precise) - medium.	2015-04-16
oval:com.ubuntu.trusty:def:20150492000	V	CVE-2015-0492 on Ubuntu 14.04 LTS (trusty) - medium.	2015-04-16

BACK