CVE-2015-0395 : Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiali

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Published 2015-01-21 18:59:39

Updated 2022-05-13 14:57:21

Source Oracle

View at NVD, CVE.org

Threat overview for CVE-2015-0395

Top countries where our scanners detected CVE-2015-0395

Top open port discovered on systems with this issue 53

IPs affected by CVE-2015-0395 148,024

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2015-0395!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2015-0395

Probability of exploitation activity in the next 30 days: 11.86%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-0395

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2015-0395

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html

[security-announce] SUSE-SU-2015:0503-1: important: Security update for

CVEs referencing this url
https://security.gentoo.org/glsa/201507-14

Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201507-14) — Gentoo security

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0136.html

RHSA-2015:0136 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2487-1

USN-2487-1: OpenJDK 7 vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/100143

Oracle Java SE Hotspot unspecified CVE-2015-0395 Vulnerability Report
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0079.html

RHSA-2015:0079 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://marc.info/?l=bugtraq&m=142607790919348&w=2

'[security bulletin] HPSBUX03281 SSRT101968 rev.1 - HP-UX running Java7, Remote Unauthorized Access, ' - MARC

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0264.html

RHSA-2015:0264 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://security.gentoo.org/glsa/201603-14

IcedTea: Multiple vulnerabilities (GLSA 201603-14) — Gentoo security

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0085.html

RHSA-2015:0085 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.debian.org/security/2015/dsa-3147

Debian -- Security Information -- DSA-3147-1 openjdk-6

CVEs referencing this url
http://marc.info/?l=bugtraq&m=142496355704097&w=2

'[security bulletin] HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, ' - MARC

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2486-1

USN-2486-1: OpenJDK 6 vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html

[security-announce] openSUSE-SU-2015:0190-1: important: Security update

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Oracle Critical Patch Update - January 2015
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1031580

Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data - SecurityTracker

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0086.html

RHSA-2015:0086 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.debian.org/security/2015/dsa-3144

Debian -- Security Information -- DSA-3144-1 openjdk-7

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0080.html

RHSA-2015:0080 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.securityfocus.com/bid/72142

Oracle Java SE CVE-2015-0395 Remote Java SE Vulnerability
https://www-304.ibm.com/support/docview.wss?uid=swg21695474

IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition

CVEs referencing this url
http://www.vmware.com/security/advisories/VMSA-2015-0003.html

VMSA-2015-0003.14

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html

[security-announce] SUSE-SU-2015:0336-1: important: Security update for

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0068.html

RHSA-2015:0068 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url

Products affected by CVE-2015-0395

Novell » Suse Linux Enterprise Server » Version: 11.0 Update SP3
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*
Matching versions
Novell » Suse Linux Enterprise Server » Version: 12.0
cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 5
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.7.0 Update Update72
cpe:2.3:a:oracle:jdk:1.7.0:update72:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update25
cpe:2.3:a:oracle:jdk:1.8.0:update25:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update85
cpe:2.3:a:oracle:jdk:1.6.0:update85:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.5.0 Update Update75
cpe:2.3:a:oracle:jdk:1.5.0:update75:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update25
cpe:2.3:a:oracle:jre:1.8.0:update25:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update72
cpe:2.3:a:oracle:jre:1.7.0:update72:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.6.0 Update Update85
cpe:2.3:a:oracle:jre:1.6.0:update85:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.5.0 Update Update75
cpe:2.3:a:oracle:jre:1.5.0:update75:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.10
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-0395

Threat overview for CVE-2015-0395

Exploit prediction scoring system (EPSS) score for CVE-2015-0395

CVSS scores for CVE-2015-0395

References for CVE-2015-0395

Products affected by CVE-2015-0395