The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability note CVE-2014-3566 CVE-2014-6549 CVE-2014-6585

Oracle Java: several vulnerabilities of January 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Java were announced in January 2015.
Vulnerable products: Debian, Fedora, HP-UX, AIX, IRAD, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere MQ, ePO, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Solaris, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, vCenter Server, VMware vSphere.
Severity of this weakness: 3/4.
Consequences of a hack: user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Hacker's origin: document.
Number of vulnerabilities in this bulletin: 19.
Creation date: 21/01/2015.
Références of this bulletin: 1698239, 1699051, 1700706, 1701485, 7045736, c04517481, c04580241, c04583581, CERTFR-2015-AVI-034, CERTFR-2016-AVI-303, cpujan2015, CTX216642, CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-0421, CVE-2015-0437, DSA-3144-1, DSA-3147-1, FEDORA-2015-0983, FEDORA-2015-1075, FEDORA-2015-1150, FEDORA-2015-8251, FEDORA-2015-8264, HPSBUX03219, HPSBUX03273, HPSBUX03281, MDVSA-2015:033, MDVSA-2015:198, openSUSE-SU-2015:0190-1, RHSA-2015:0067-01, RHSA-2015:0068-01, RHSA-2015:0069-01, RHSA-2015:0079-01, RHSA-2015:0080-01, RHSA-2015:0085-01, RHSA-2015:0086-01, RHSA-2015:0133-01, RHSA-2015:0134-01, RHSA-2015:0135-01, RHSA-2015:0136-01, RHSA-2015:0263-01, RHSA-2015:0264-01, SB10104, SSRT101859, SSRT101951, SSRT101968, SUSE-SU-2015:0336-1, SUSE-SU-2015:0503-1, USN-2486-1, USN-2487-1, VIGILANCE-VUL-16014, VMSA-2015-0003, VMSA-2015-0003.1, VMSA-2015-0003.10, VMSA-2015-0003.11, VMSA-2015-0003.12, VMSA-2015-0003.13, VMSA-2015-0003.14, VMSA-2015-0003.15, VMSA-2015-0003.2, VMSA-2015-0003.3, VMSA-2015-0003.4, VMSA-2015-0003.5, VMSA-2015-0003.6, VMSA-2015-0003.8, VMSA-2015-0003.9.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-6601]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0412]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-6549]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0408]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0395]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0437]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0403]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0421]

An attacker can use a vulnerability of Deployment, in order to obtain information, or to trigger a denial of service. [severity:2/4; CVE-2015-0406]

An attacker can use a vulnerability of Hotspot, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-0383]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; CVE-2015-0400]

An attacker can use a vulnerability of Swing, in order to obtain information. [severity:2/4; CVE-2015-0407]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2015-0410]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2014-6587]

An attacker can use a vulnerability of JSSE, in order to obtain information. [severity:2/4; CVE-2014-3566]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information (VIGILANCE-VUL-16300). [severity:2/4; CVE-2014-6593]

An attacker can use a vulnerability of 2D, in order to obtain information (VIGILANCE-VUL-17559). [severity:1/4; CVE-2014-6585]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:1/4; CVE-2014-6591]

An attacker can use a vulnerability of Serviceability, in order to alter information. [severity:1/4; CVE-2015-0413]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides systems vulnerabilities bulletins. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system.