CVE-2015-2625Improper Certificate Validation in Oracle JDK

CWE-295Improper Certificate Validation11 documents8 sources
Severity
2.6LOWNVD
EPSS
3.1%
top 13.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle JDKOracle JREOracle Jrockit
Timeline
PublishedJul 16
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

NVDoracle/jrockitr28.3.6
NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-r9xx-mc22-4j87: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R282022-05-13
OSV
openjdk-7 vulnerabilities2015-07-30
CVEList
CVE-2015-2625: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R282015-07-16
OSV
CVE-2015-2625: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R282015-07-16

📋Vendor Advisories

5
Ubuntu
OpenJDK 6 vulnerabilities2015-08-06
Ubuntu
OpenJDK 7 vulnerabilities2015-07-30
Ubuntu
OpenJDK 7 vulnerabilities2015-07-30
Debian
CVE-2015-2625: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3....2015
Red Hat
OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)2014-11-02

💬Community

1
Bugzilla
CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)2015-07-10
CVE-2015-2625 — Improper Certificate Validation | cvebase