CVE-2015-0413 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Oracle	Jdk Jre
Redhat	Rhel Extras Oracle Java
Suse	Suse Linux Enterprise Server

Package	CPE	Advisory	Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2015:0079	2015-01-22T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:0079	2015-01-22T00:00:00Z
java-1.8.0-oracle-1:1.8.0.31-1jpp.1.el6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:0080	2015-01-22T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 7
java-1.7.0-oracle-1:1.7.0.75-1jpp.2.el7	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:0079	2015-01-22T00:00:00Z

Link	Providers
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
http://marc.info/?l=bugtraq&m=142607790919348&w=2
http://rhn.redhat.com/errata/RHSA-2015-0079.html
http://rhn.redhat.com/errata/RHSA-2015-0080.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
http://www.securityfocus.com/bid/72176
http://www.securitytracker.com/id/1031580
http://www.ubuntu.com/usn/USN-2487-1
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/100156
https://nvd.nist.gov/vuln/detail/CVE-2015-0413
https://security.gentoo.org/glsa/201507-14
https://www.cve.org/CVERecord?id=CVE-2015-0413

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-17T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "RHSA-2015:0079", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "oracle-cpujan2015-cve20150413(100156)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100156"}, {"name": "USN-2487-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2487-1"}, {"name": "72176", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72176"}, {"name": "SUSE-SU-2015:0336", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"}, {"name": "RHSA-2015:0080", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"}, {"name": "GLSA-201507-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201507-14"}, {"name": "HPSBUX03281", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"}, {"name": "SSRT101968", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2"}, {"name": "1031580", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031580"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2015-0413", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2015:0079", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "oracle-cpujan2015-cve20150413(100156)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100156"}, {"name": "USN-2487-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2487-1"}, {"name": "72176", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72176"}, {"name": "SUSE-SU-2015:0336", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"}, {"name": "RHSA-2015:0080", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"}, {"name": "GLSA-201507-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201507-14"}, {"name": "HPSBUX03281", "refsource": "HP", "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"}, {"name": "SSRT101968", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2"}, {"name": "1031580", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031580"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:10:10.500Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:0079", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "oracle-cpujan2015-cve20150413(100156)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100156"}, {"name": "USN-2487-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2487-1"}, {"name": "72176", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72176"}, {"name": "SUSE-SU-2015:0336", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"}, {"name": "RHSA-2015:0080", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"}, {"name": "GLSA-201507-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201507-14"}, {"name": "HPSBUX03281", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"}, {"name": "SSRT101968", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2"}, {"name": "1031580", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031580"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2015-0413", "datePublished": "2015-01-21T19:00:00", "dateReserved": "2014-12-17T00:00:00", "dateUpdated": "2024-08-06T04:10:10.500Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-01-17T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-09-07T15:57:01 (string)

orgId : 43595867-4340-4103-b7a2-9a5208d29a85 (string)

shortName : oracle (string)

}

references : [ »

0 : { »

name : RHSA-2015:0079 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0079.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2015-0003.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (string)

}

3 : { »

name : oracle-cpujan2015-cve20150413(100156) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/100156 (string)

}

4 : { »

name : USN-2487-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2487-1 (string)

}

5 : { »

name : 72176 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/72176 (string)

}

6 : { »

name : SUSE-SU-2015:0336 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html (string)

}

7 : { »

name : RHSA-2015:0080 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0080.html (string)

}

8 : { »

name : GLSA-201507-14 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201507-14 (string)

}

9 : { »

name : HPSBUX03281 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 (string)

}

10 : { »

name : SSRT101968 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://marc.info/?l=bugtraq&m=142607790919348&w=2 (string)

}

11 : { »

name : 1031580 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1031580 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert_us@oracle.com (string)

ID : CVE-2015-0413 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : RHSA-2015:0079 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0079.html (string)

}

1 : { »

name : http://www.vmware.com/security/advisories/VMSA-2015-0003.html (string)

refsource : CONFIRM (string)

url : http://www.vmware.com/security/advisories/VMSA-2015-0003.html (string)

}

2 : { »

name : http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (string)

}

3 : { »

name : oracle-cpujan2015-cve20150413(100156) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/100156 (string)

}

4 : { »

name : USN-2487-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2487-1 (string)

}

5 : { »

name : 72176 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/72176 (string)

}

6 : { »

name : SUSE-SU-2015:0336 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html (string)

}

7 : { »

name : RHSA-2015:0080 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0080.html (string)

}

8 : { »

name : GLSA-201507-14 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201507-14 (string)

}

9 : { »

name : HPSBUX03281 (string)

refsource : HP (string)

url : http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 (string)

}

10 : { »

name : SSRT101968 (string)

refsource : HP (string)

url : http://marc.info/?l=bugtraq&m=142607790919348&w=2 (string)

}

11 : { »

name : 1031580 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1031580 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T04:10:10.500Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : RHSA-2015:0079 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0079.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2015-0003.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (string)

}

3 : { »

name : oracle-cpujan2015-cve20150413(100156) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/100156 (string)

}

4 : { »

name : USN-2487-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2487-1 (string)

}

5 : { »

name : 72176 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/72176 (string)

}

6 : { »

name : SUSE-SU-2015:0336 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html (string)

}

7 : { »

name : RHSA-2015:0080 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0080.html (string)

}

8 : { »

name : GLSA-201507-14 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201507-14 (string)

}

9 : { »

name : HPSBUX03281 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 (string)

}

10 : { »

name : SSRT101968 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=142607790919348&w=2 (string)

}

11 : { »

name : 1031580 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1031580 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 43595867-4340-4103-b7a2-9a5208d29a85 (string)

assignerShortName : oracle (string)

cveId : CVE-2015-0413 (string)

datePublished : 2015-01-21T19:00:00 (string)

dateReserved : 2014-12-17T00:00:00 (string)

dateUpdated : 2024-08-06T04:10:10.500Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update72:*:*:*:*:*:*", "matchCriteriaId": "D95925E1-5761-4CDD-80A0-52939ABF52F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update25:*:*:*:*:*:*", "matchCriteriaId": "E87241E0-A296-4CAA-980A-FC572DAEB9F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update72:*:*:*:*:*:*", "matchCriteriaId": "E40DC6EF-6153-403A-BAA0-4425385F92DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update25:*:*:*:*:*:*", "matchCriteriaId": "8A9B64C6-749E-4E98-9ACA-B715A13EA390", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "7F622F0E-8D17-47E8-8F3C-A640C21544E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Oracle Java SE 7u72 y 8u25 permite a usuarios locales afectar la integridad a a trav\u00e9s de vectores desconocidos relacionados con Serviceability"}], "evaluatorComment": "As per http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html:\n\nApplies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.", "id": "CVE-2015-0413", "lastModified": "2024-11-21T02:23:01.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-21T19:59:02.187", "references": [{"source": "secalert_us@oracle.com", "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"}, {"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"}, {"source": "secalert_us@oracle.com", "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"}, {"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/72176"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id/1031580"}, {"source": "secalert_us@oracle.com", "url": "http://www.ubuntu.com/usn/USN-2487-1"}, {"source": "secalert_us@oracle.com", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"}, {"source": "secalert_us@oracle.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100156"}, {"source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201507-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2487-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201507-14"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:oracle:jdk:1.7.0:update72:*:*:*:*:*:* (string)

matchCriteriaId : D95925E1-5761-4CDD-80A0-52939ABF52F8 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:oracle:jdk:1.8.0:update25:*:*:*:*:*:* (string)

matchCriteriaId : E87241E0-A296-4CAA-980A-FC572DAEB9F5 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:oracle:jre:1.7.0:update72:*:*:*:*:*:* (string)

matchCriteriaId : E40DC6EF-6153-403A-BAA0-4425385F92DA (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:oracle:jre:1.8.0:update25:*:*:*:*:*:* (string)

matchCriteriaId : 8A9B64C6-749E-4E98-9ACA-B715A13EA390 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : B5A6F2F3-4894-4392-8296-3B8DD2679084 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 49A63F39-30BE-443F-AF10-6245587D3359 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:* (string)

matchCriteriaId : 7F622F0E-8D17-47E8-8F3C-A640C21544E9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad no especificada en Oracle Java SE 7u72 y 8u25 permite a usuarios locales afectar la integridad a a través de vectores desconocidos relacionados con Serviceability (string)

}

]

evaluatorComment : As per http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. (string)

id : CVE-2015-0413 (string)

lastModified : 2024-11-21T02:23:01.630 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 1.9 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.4 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-01-21T19:59:02.187 (string)

references : [ »

0 : { »

source : secalert_us@oracle.com (string)

url : http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 (string)

}

1 : { »

source : secalert_us@oracle.com (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html (string)

}

2 : { »

source : secalert_us@oracle.com (string)

url : http://marc.info/?l=bugtraq&m=142607790919348&w=2 (string)

}

3 : { »

source : secalert_us@oracle.com (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0079.html (string)

}

4 : { »

source : secalert_us@oracle.com (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0080.html (string)

}

5 : { »

source : secalert_us@oracle.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (string)

}

6 : { »

source : secalert_us@oracle.com (string)

url : http://www.securityfocus.com/bid/72176 (string)

}

7 : { »

source : secalert_us@oracle.com (string)

url : http://www.securitytracker.com/id/1031580 (string)

}

8 : { »

source : secalert_us@oracle.com (string)

url : http://www.ubuntu.com/usn/USN-2487-1 (string)

}

9 : { »

source : secalert_us@oracle.com (string)

url : http://www.vmware.com/security/advisories/VMSA-2015-0003.html (string)

}

10 : { »

source : secalert_us@oracle.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/100156 (string)

}

11 : { »

source : secalert_us@oracle.com (string)

url : https://security.gentoo.org/glsa/201507-14 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=142607790919348&w=2 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0079.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0080.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/72176 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1031580 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2487-1 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.vmware.com/security/advisories/VMSA-2015-0003.html (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/100156 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201507-14 (string)

}

]

sourceIdentifier : secalert_us@oracle.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2015:0079", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2015-01-22T00:00:00Z"}, {"advisory": "RHSA-2015:0079", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el6", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2015-01-22T00:00:00Z"}, {"advisory": "RHSA-2015:0080", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.8.0-oracle-1:1.8.0.31-1jpp.1.el6", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2015-01-22T00:00:00Z"}, {"advisory": "RHSA-2015:0079", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.7.0-oracle-1:1.7.0.75-1jpp.2.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2015-01-22T00:00:00Z"}], "bugzilla": {"description": "JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability)", "id": "1184278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184278"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability."], "name": "CVE-2015-0413", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.8.0-oracle", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-01-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0413\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0413\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"], "threat_severity": "Low"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2015:0079 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:5 (string)

package : java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el5_11 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 5 (string)

release_date : 2015-01-22T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2015:0079 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:6 (string)

package : java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el6 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 6 (string)

release_date : 2015-01-22T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2015:0080 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:6 (string)

package : java-1.8.0-oracle-1:1.8.0.31-1jpp.1.el6 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 6 (string)

release_date : 2015-01-22T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2015:0079 (string)

cpe : cpe:/a:redhat:rhel_extras_oracle_java:7 (string)

package : java-1.7.0-oracle-1:1.7.0.75-1jpp.2.el7 (string)

product_name : Oracle Java for Red Hat Enterprise Linux 7 (string)

release_date : 2015-01-22T00:00:00Z (string)

}

]

bugzilla : { »

description : JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability) (string)

id : 1184278 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1184278 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 1.9 (string)

cvss_scoring_vector : AV:L/AC:M/Au:N/C:N/I:P/A:N (string)

status : verified (string)

}

details : [ »

0 : Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. (string)

]

name : CVE-2015-0413 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : java-1.8.0-oracle (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

]

public_date : 2015-01-20T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-0413 https://nvd.nist.gov/vuln/detail/CVE-2015-0413 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA (string)

]

threat_severity : Low (string)

}

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object