Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 Feb 2015 (Windows) Network Vulnerability

Summary

The host is installed with Oracle Java SE JRE and is prone to multiple unspecified vulnerabilities.

Impact

Successful exploitation will allow attackers to gain escalated privileges, bypass sandbox restrictions and execute arbitrary code. Impact Level: System/Application

Solution

Apply the patch from below link, http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Insight

Multiple unspecified flaws exist due to, - An error in the Hotspot JVM compiler related to code optimization. - An error in the Install component. - An error in the 'java.lang.ClassLoader getParent' function related to an improper permission check.

Affected

Oracle Java SE 8 update 25 and prior on Windows.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/117226
http://osvdb.org/117229
http://osvdb.org/117231
http://secunia.com/advisories/62215
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6549, CVE-2015-0421, CVE-2015-0437

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)

Take action and discover your vulnerabilities