The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability alert CVE-2015-2590 CVE-2015-2596 CVE-2015-2597

Oracle Java: several vulnerabilities of July 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Java were announced in July 2015.
Vulnerable software: DCFM Enterprise, FabricOS, Brocade Network Advisor, Brocade vTM, Debian, Avamar, BIG-IP Hardware, TMOS, Fedora, AIX, DB2 UDB, Domino, Notes, IRAD, SPSS Data Collection, SPSS Modeler, SPSS Statistics, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, ePO, SnapManager, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this announce: 3/4.
Consequences of an intrusion: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Attacker's origin: document.
Number of vulnerabilities in this bulletin: 25.
Creation date: 15/07/2015.
Références of this computer vulnerability: 1963330, 1963331, 1963812, 1964236, 1966040, 1966536, 1967222, 1967498, 1967893, 1968485, 1972455, 206954, 9010041, 9010044, BSA-2016-002, CERTFR-2015-ALE-007, CERTFR-2015-AVI-305, CERTFR-2016-AVI-128, cpujul2015, CVE-2015-2590, CVE-2015-2596, CVE-2015-2597, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760, DSA-3316-1, DSA-3339-1, ESA-2015-134, FEDORA-2015-11859, FEDORA-2015-11860, JSA10727, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1288-1, openSUSE-SU-2015:1289-1, RHSA-2015:1228-01, RHSA-2015:1229-01, RHSA-2015:1230-01, RHSA-2015:1241-01, RHSA-2015:1242-01, RHSA-2015:1243-01, RHSA-2015:1485-01, RHSA-2015:1486-01, RHSA-2015:1488-01, RHSA-2015:1526-01, RHSA-2015:1544-01, SB10139, SOL17079, SOL17169, SOL17170, SOL17171, SOL17173, SUSE-SU-2015:1319-1, SUSE-SU-2015:1320-1, SUSE-SU-2015:1329-1, SUSE-SU-2015:1331-1, SUSE-SU-2015:1345-1, SUSE-SU-2015:1375-1, SUSE-SU-2015:1509-1, SUSE-SU-2015:2166-1, SUSE-SU-2015:2192-1, USN-2696-1, USN-2706-1, VIGILANCE-VUL-17371.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-17558). [severity:3/4; CVE-2015-4760]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2628]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4731]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2590]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4732]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4733]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2638]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4736]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4748]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2597]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2664]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2632]

An attacker can use a vulnerability of JCE, in order to obtain information. [severity:2/4; CVE-2015-2601]

An attacker can use a vulnerability of JCE, in order to obtain information (VIGILANCE-VUL-18168). [severity:2/4; CVE-2015-2613]

An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; CVE-2015-2621]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2015-2659]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2619]

An attacker can bypass security features in 2D, in order to obtain sensitive information. [severity:2/4; CVE-2015-2637]

An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; CVE-2015-2596]

An attacker can use a vulnerability of JNDI, in order to trigger a denial of service. [severity:2/4; CVE-2015-4749]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2015-4729]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-4000]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-2808]

An attacker can use a vulnerability of Install, in order to obtain information. [severity:1/4; CVE-2015-2627]

An attacker can use a vulnerability of JSSE, in order to obtain information. [severity:1/4; CVE-2015-2625]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a networks vulnerabilities management. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.