CVE-2015-4902 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA-ADP	ADP	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Affected Products (NVD)

Vendor	Product	Version
oracle	jdk	1.6.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jre	1.6.0
oracle	jre	1.7.0
oracle	jre	1.8.0
redhat	satellite	5.6
redhat	satellite	5.7
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	6.7
redhat	enterprise_linux_eus	7.2
redhat	enterprise_linux_eus	7.3
redhat	enterprise_linux_eus	7.4
redhat	enterprise_linux_eus	7.5
redhat	enterprise_linux_eus_compute_node	7.2
redhat	enterprise_linux_eus_compute_node	7.3
redhat	enterprise_linux_for_ibm_z_systems	5.0_s390x:_s390x
redhat	enterprise_linux_for_ibm_z_systems	6.0_s390x:_s390x
redhat	enterprise_linux_for_ibm_z_systems	7.0_s390x:_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	6.7_s390x:_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	7.2_s390x:_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	7.3_s390x:_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	7.4_s390x:_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	7.5_s390x:_s390x
redhat	enterprise_linux_for_power_big_endian	5.0_ppc:_ppc
redhat	enterprise_linux_for_power_big_endian	6.0_ppc64:_ppc64
redhat	enterprise_linux_for_power_big_endian	7.0_ppc64:_ppc64
redhat	enterprise_linux_for_power_big_endian_eus	6.7_ppc64:_ppc64
redhat	enterprise_linux_for_power_big_endian_eus	7.2_ppc64:_ppc64
redhat	enterprise_linux_for_power_big_endian_eus	7.3_ppc64:_ppc64
redhat	enterprise_linux_for_power_big_endian_eus	7.4_ppc64:_ppc64
redhat	enterprise_linux_for_power_big_endian_eus	7.5_ppc64:_ppc64
redhat	enterprise_linux_for_power_little_endian	7.0_ppc64le:_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	7.2_ppc64le:_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	7.3_ppc64le:_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	7.4_ppc64le:_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	7.5_ppc64le:_ppc64le
redhat	enterprise_linux_for_scientific_computing	6.0
redhat	enterprise_linux_for_scientific_computing	7.0
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_from_rhui	5.0
redhat	enterprise_linux_server_from_rhui	6.0
redhat	enterprise_linux_server_from_rhui	7.0
redhat	enterprise_linux_workstation	5.0
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
opensuse	leap	42.1
opensuse	opensuse	13.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openjdk-8

sid	8u432-b06-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openjdk-6

precise	not-affected
trusty	dne
vivid	not-affected
wily	not-affected

openjdk-7

precise	not-affected
trusty	dne
vivid	not-affected
wily	not-affected

openjdk-8

precise	dne
trusty	dne
vivid	not-affected
wily	not-affected

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html

http://rhn.redhat.com/errata/RHSA-2015-1926.html

http://rhn.redhat.com/errata/RHSA-2015-1927.html

http://rhn.redhat.com/errata/RHSA-2015-1928.html

http://rhn.redhat.com/errata/RHSA-2015-2506.html

http://rhn.redhat.com/errata/RHSA-2015-2507.html

http://rhn.redhat.com/errata/RHSA-2015-2508.html

http://rhn.redhat.com/errata/RHSA-2015-2509.html

http://rhn.redhat.com/errata/RHSA-2015-2518.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securityfocus.com/bid/77241

http://www.securitytracker.com/id/1033884

https://access.redhat.com/errata/RHSA-2016:1430

https://security.gentoo.org/glsa/201603-11

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html

http://rhn.redhat.com/errata/RHSA-2015-1926.html

http://rhn.redhat.com/errata/RHSA-2015-1927.html

http://rhn.redhat.com/errata/RHSA-2015-1928.html

http://rhn.redhat.com/errata/RHSA-2015-2506.html

http://rhn.redhat.com/errata/RHSA-2015-2507.html

http://rhn.redhat.com/errata/RHSA-2015-2508.html

http://rhn.redhat.com/errata/RHSA-2015-2509.html

http://rhn.redhat.com/errata/RHSA-2015-2518.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securityfocus.com/bid/77241

http://www.securitytracker.com/id/1033884

https://access.redhat.com/errata/RHSA-2016:1430

https://security.gentoo.org/glsa/201603-11

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4902