CVE-2015-2638
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-2638
Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | sid | fixed | 0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
- http://rhn.redhat.com/errata/RHSA-2015-1241.html
- http://rhn.redhat.com/errata/RHSA-2015-1242.html
- http://rhn.redhat.com/errata/RHSA-2015-1243.html
- http://rhn.redhat.com/errata/RHSA-2015-1485.html
- http://rhn.redhat.com/errata/RHSA-2015-1486.html
- http://rhn.redhat.com/errata/RHSA-2015-1488.html
- http://rhn.redhat.com/errata/RHSA-2015-1544.html
- http://rhn.redhat.com/errata/RHSA-2015-1604.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.securityfocus.com/bid/75833
- http://www.securitytracker.com/id/1032910
- https://security.gentoo.org/glsa/201603-11
- https://security-tracker.debian.org/tracker/CVE-2015-2638
Verify integrity in audit chain (admin only). AS-IS.