usn-2574-1
Vulnerability from osv_ubuntu
Published
2015-04-21 13:05
Modified
2026-02-10 04:40
Summary
openjdk-7 vulnerabilities
Details

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469)

Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480)

Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478)

A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-0477)

A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-0488)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2015-0460",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-0469",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-0477",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-0478",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-0480",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-0488",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "icedtea-7-jre-jamvm",
            "binary_version": "7u79-2.5.5-0ubuntu0.14.04.2"
          },
          {
            "binary_name": "openjdk-7-demo",
            "binary_version": "7u79-2.5.5-0ubuntu0.14.04.2"
          },
          {
            "binary_name": "openjdk-7-jdk",
            "binary_version": "7u79-2.5.5-0ubuntu0.14.04.2"
          },
          {
            "binary_name": "openjdk-7-jre",
            "binary_version": "7u79-2.5.5-0ubuntu0.14.04.2"
          },
          {
            "binary_name": "openjdk-7-jre-headless",
            "binary_version": "7u79-2.5.5-0ubuntu0.14.04.2"
          },
          {
            "binary_name": "openjdk-7-jre-lib",
            "binary_version": "7u79-2.5.5-0ubuntu0.14.04.2"
          },
          {
            "binary_name": "openjdk-7-jre-zero",
            "binary_version": "7u79-2.5.5-0ubuntu0.14.04.2"
          },
          {
            "binary_name": "openjdk-7-source",
            "binary_version": "7u79-2.5.5-0ubuntu0.14.04.2"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "openjdk-7",
        "purl": "pkg:deb/ubuntu/openjdk-7@7u79-2.5.5-0ubuntu0.14.04.2?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7u79-2.5.5-0ubuntu0.14.04.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "7u25-2.3.12-4ubuntu3",
        "7u25-2.3.12-4ubuntu5",
        "7u45-2.4.3-3ubuntu1",
        "7u45-2.4.3-3ubuntu2",
        "7u45-2.4.3-4ubuntu1",
        "7u45-2.4.3-4ubuntu2",
        "7u51-2.4.4-1ubuntu1",
        "7u51-2.4.5-1ubuntu1",
        "7u51-2.4.6~pre1-1ubuntu2",
        "7u51-2.4.6-1ubuntu3",
        "7u51-2.4.6-1ubuntu4",
        "7u55-2.4.7-1ubuntu1",
        "7u65-2.5.1-4ubuntu1~0.14.04.1",
        "7u65-2.5.1-4ubuntu1~0.14.04.2",
        "7u65-2.5.2-3~14.04",
        "7u71-2.5.3-0ubuntu0.14.04.1",
        "7u75-2.5.4-1~trusty1"
      ]
    }
  ],
  "aliases": [],
  "details": "Several vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to\ndirectory traversal issues with respect to handling jar files. An\nattacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE\ncomponent in OpenJDK JRE did not follow recommended practices for\nimplementing RSA signatures. An attacker could use this to expose\nsensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. An attacker could exploit this expose sensitive data over\nthe network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial\nof service. (CVE-2015-0488)\n",
  "id": "USN-2574-1",
  "modified": "2026-02-10T04:40:53Z",
  "published": "2015-04-21T13:05:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-2574-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-0460"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-0469"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-0477"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-0478"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-0480"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-0488"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "openjdk-7 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2015-0460",
    "UBUNTU-CVE-2015-0469",
    "UBUNTU-CVE-2015-0477",
    "UBUNTU-CVE-2015-0478",
    "UBUNTU-CVE-2015-0480",
    "UBUNTU-CVE-2015-0488"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…