Summary
The host has Oracle Java SE JRE installed and is prone to multiple unspecified vulnerabilities.
Impact
Successful exploitation will allow attackers to gain escalated privileges, conduct a denial of service attack, bypass sandbox restrictions and execute arbitrary code.
Impact Level: System/Application
Solution
Apply the patch from the link below:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Insight
Multiple unspecified flaws exist due to:
- An unspecified error in the JAX-WS component related to insufficient privilege checks.
- Two unspecified errors in the Deployment component.
- An unspecified error in the 'Libraries' component.
- An error in vm/classfile/verifier.cpp script related to insufficient verification of invokespecial calls.
- A NULL pointer dereference error in the MulticastSocket implementation.
Affected
Oracle Java SE 6 update 85 and prior, 7 update 72 and prior, and 8 update 25 and prior on Windows.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2014-6587, CVE-2014-6601, CVE-2015-0400, CVE-2015-0403, CVE-2015-0406, CVE-2015-0412
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C