CVE-2015-0478Improperly Implemented Security Check for Standard in Oracle JDK

CWE-358Improperly Implemented Security Check for Standard10 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
4.1%
top 11.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle JDKOracle JREOracle Jrockit
Timeline
PublishedApr 16
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDoracle/jrockitr28.3.5
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3

🔴Vulnerability Details

4
GHSA
GHSA-gp6q-r5x8-3f6p: Unspecified vulnerability in Oracle Java SE 52022-05-13
OSV
openjdk-7 vulnerabilities2015-04-21
CVEList
CVE-2015-0478: Unspecified vulnerability in Oracle Java SE 52015-04-16
OSV
CVE-2015-0478: Unspecified vulnerability in Oracle Java SE 52015-04-15

📋Vendor Advisories

4
Ubuntu
OpenJDK 6 vulnerabilities2015-04-21
Ubuntu
OpenJDK 7 vulnerabilities2015-04-21
Red Hat
OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)2015-04-14
Debian
CVE-2015-0478: openjdk-8 - Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JR...2015

💬Community

1
Bugzilla
CVE-2015-0478 OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)2015-04-09
CVE-2015-0478 — Oracle JDK vulnerability | cvebase