CVE-2015-2601: Covert Timing Channel in Oracle JDK

Severity: 5.0 MEDIUM (NVD)
EPSS: 3.1% (top 13.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 16; Latest update May 13

Description

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

NVD: oracle/jrockit r28.3.6
NVD: oracle/jdk 1.6.0, 1.7.0, 1.8.0 +2
NVD: oracle/jre 1.6.0, 1.7.0, 1.8.0 +2

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-gjjj-w44p-x78r: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28 (2022-05-13)
OSV: openjdk-7 vulnerabilities (2015-07-30)
OSV: CVE-2015-2601: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28 (2015-07-16)
CVEList: CVE-2015-2601: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28 (2015-07-16)

📋 Vendor Advisories (5)

Ubuntu: OpenJDK 6 vulnerabilities (2015-08-06)
Ubuntu: OpenJDK 7 vulnerabilities (2015-07-30)
Ubuntu: OpenJDK 7 vulnerabilities (2015-07-30)
Red Hat: OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) (2015-07-14)
Debian: CVE-2015-2601: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.... (2015)

💬 Community (1)

Bugzilla: CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) (2015-07-10)