Vulnerability Details : CVE-2015-2601
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
Threat overview for CVE-2015-2601
Top countries where our scanners detected CVE-2015-2601
Top open port discovered on systems with this issue
90
IPs affected by CVE-2015-2601 1,154
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-2601!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-2601
Probability of exploitation activity in the next 30 days: 0.79%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-2601
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2015-2601
- http://rhn.redhat.com/errata/RHSA-2015-1488.html
-
http://www.ubuntu.com/usn/USN-2696-1
USN-2696-1: OpenJDK 7 vulnerabilities | Ubuntu security notices
-
http://www.debian.org/security/2015/dsa-3339
Debian -- Security Information -- DSA-3339-1 openjdk-6
- http://rhn.redhat.com/errata/RHSA-2015-1485.html
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
[security-announce] SUSE-SU-2015:1319-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2015-1526.html
RHSA-2015:1526 - Security Advisory - Red Hat Customer Portal
-
http://www.securityfocus.com/bid/75867
Oracle Java SE CVE-2015-2601 Remote Security Vulnerability
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
Juniper Networks - 2016-04 Security Bulletin: Junos Space: Multiple privilege escalation vulnerabilities in Junos Space
-
http://rhn.redhat.com/errata/RHSA-2015-1604.html
RHSA-2015:1604 - Security Advisory - Red Hat Customer Portal
-
https://security.gentoo.org/glsa/201603-14
IcedTea: Multiple vulnerabilities (GLSA 201603-14) — Gentoo security
-
http://www.securitytracker.com/id/1037732
RSA BSAFE Crypto-J Bugs Let Remote USers Bypass OCSP Time Validation and Conduct Timing Attacks to Determine PKCS MAC Values - SecurityTracker
-
http://rhn.redhat.com/errata/RHSA-2015-1242.html
RHSA-2015:1242 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2015-1544.html
-
http://www.debian.org/security/2015/dsa-3316
Debian -- Security Information -- DSA-3316-1 openjdk-7
-
http://rhn.redhat.com/errata/RHSA-2015-1486.html
RHSA-2015:1486 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2015-1228.html
RHSA-2015:1228 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2706-1
USN-2706-1: OpenJDK 6 vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
[security-announce] SUSE-SU-2015:1320-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2015-1230.html
RHSA-2015:1230 - Security Advisory - Red Hat Customer Portal
-
http://www.securitytracker.com/id/1032910
Oracle Java SE Multiple Flaws Lets Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access Data, Modify Data, and Deny Service - SecurityTracker
-
http://rhn.redhat.com/errata/RHSA-2015-1243.html
RHSA-2015:1243 - Security Advisory - Red Hat Customer Portal
- https://kc.mcafee.com/corporate/index?page=content&id=SB10139
-
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Oracle Critical Patch Update - July 2015Patch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
[security-announce] openSUSE-SU-2015:1289-1: important: Security update
-
https://security.gentoo.org/glsa/201603-11
Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201603-11) — Gentoo security
-
http://rhn.redhat.com/errata/RHSA-2015-1229.html
RHSA-2015:1229 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2015-1241.html
RHSA-2015:1241 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
[security-announce] openSUSE-SU-2015:1288-1: important: Security update
Products affected by CVE-2015-2601
- cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*