CVE-2015-4749

DEB

Medium

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attacke…

CVSS

4.3

Medium

EPSS

0.05

p90

Published

2015-01-01

Updated

2015-01-01

Description

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.

Tags · CWE

CWE-772

CAPEC-469

Affected products

Java-1.5.0-ibmJava-1.5.0-ibmJava-1.6.0-ibmJava-1.6.0-ibmJava-1.6.0-ibmJava-1.6.0-ibmJava-1.6.0-openjdkJava-1.6.0-openjdkJava-1.6.0-openjdkJava-1.6.0-sunJava-1.6.0-sunJava-1.6.0-sunJava-1.7.0-ibmJava-1.7.0-openjdkJava-1.7.0-openjdkJava-1.7.0-openjdkJava-1.7.0-oracleJava-1.7.0-oracleJava-1.7.0-oracleJava-1.7.1-ibm

CVSS vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Timeline

2015-01-01

Published

2015-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: M

Medium

Authentication

Au: N

None (N)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: P

Partial

Exploit indicators

EPSS

0.055 · p90

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1499.002Service Exhaustion Flood

└ via CAPEC-469 · CWE-772

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
java-1.5.0-ibm		Tracked
java-1.5.0-ibm		Tracked
java-1.6.0-ibm		Tracked
java-1.6.0-ibm		Tracked
java-1.6.0-ibm		Tracked
java-1.6.0-ibm		Tracked
java-1.6.0-openjdk		Tracked
java-1.6.0-openjdk		Tracked
java-1.6.0-openjdk		Tracked
java-1.6.0-sun		Tracked
java-1.6.0-sun		Tracked
java-1.6.0-sun		Tracked
java-1.7.0-ibm		Tracked
java-1.7.0-openjdk		Tracked
java-1.7.0-openjdk		Tracked
java-1.7.0-openjdk		Tracked
java-1.7.0-oracle		Tracked
java-1.7.0-oracle		Tracked
java-1.7.0-oracle		Tracked
java-1.7.1-ibm		Tracked

Source databases

DEB

CVE

RED

UBU