CVE-2015-4908 : Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via

Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916.

Published 2015-10-22 00:00:11

Updated 2020-09-08 12:30:27

Source Oracle

View at NVD, CVE.org

Threat overview for CVE-2015-4908

Top countries where our scanners detected CVE-2015-4908

Top open port discovered on systems with this issue 80

IPs affected by CVE-2015-4908 162

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2015-4908!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2015-4908

Probability of exploitation activity in the next 30 days: 0.65%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-4908

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2015-4908

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html

[security-announce] openSUSE-SU-2015:1905-1: important: Security update

CVEs referencing this url
http://www.securitytracker.com/id/1033884

Oracle Java SE Multiple Flaws Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data and Deny Service - SecurityTracker

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html

[security-announce] openSUSE-SU-2016:0270-1: critical: Security update f

CVEs referencing this url
https://security.gentoo.org/glsa/201603-11

Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201603-11) — Gentoo security

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Oracle Critical Patch Update - October 2015
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/77223

Oracle Java SE CVE-2015-4908 Remote Security Vulnerability
http://rhn.redhat.com/errata/RHSA-2015-1926.html

RHSA-2015:1926 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url

Products affected by CVE-2015-4908

Oracle » JDK » Version: 1.8.0 Update Update60
cpe:2.3:a:oracle:jdk:1.8.0:update60:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update 60
cpe:2.3:a:oracle:jre:1.8.0:update_60:*:*:*:*:*:*
Matching versions
Oracle » Javafx » Version: 2.2.85
cpe:2.3:a:oracle:javafx:2.2.85:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-4908

Threat overview for CVE-2015-4908

Exploit prediction scoring system (EPSS) score for CVE-2015-4908

CVSS scores for CVE-2015-4908

References for CVE-2015-4908

Products affected by CVE-2015-4908