CVE-2015-4805Improper Initialization in Oracle JDK

CWE-665Improper Initialization10 documents8 sources
Severity
10.0CRITICALNVD
OSV5.0
EPSS
6.5%
top 8.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle JDKOracle JRE
Timeline
PublishedOct 21
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2

🔴Vulnerability Details

4
GHSA
GHSA-cq64-ppmj-mrvv: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integ2022-05-13
OSV
openjdk-7 vulnerabilities2015-10-28
OSV
CVE-2015-4805: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integ2015-10-21
CVEList
CVE-2015-4805: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integ2015-10-21

📋Vendor Advisories

4
Ubuntu
OpenJDK 6 vulnerabilities2015-12-03
Ubuntu
OpenJDK 7 vulnerabilities2015-10-28
Red Hat
OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)2015-10-20
Debian
CVE-2015-4805: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE E...2015

💬Community

1
Bugzilla
CVE-2015-4805 OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)2015-10-20
CVE-2015-4805 — Improper Initialization in Oracle JDK | cvebase