CVE-2015-4893Allocation of Resources Without Limits or Throttling in Oracle JDK

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-407Inefficient Algorithmic Complexity11 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
6.6%
top 8.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle JDKOracle JREOracle Jrockit
Timeline
PublishedOct 21
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDoracle/jrockitr28.3.7
NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-g9px-7f52-qj47: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R282022-05-13
CVEList
CVE-2015-4893: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R282015-10-21
OSV
CVE-2015-4893: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R282015-10-21

📋Vendor Advisories

6
Ubuntu
OpenJDK 6 vulnerabilities2015-12-03
Ubuntu
OpenJDK 7 vulnerabilities2015-10-28
Red Hat
OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)2015-10-20
Red Hat
OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)2015-10-20
Red Hat
OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)2015-10-20

💬Community

1
Bugzilla
CVE-2015-4893 OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)2015-10-20
CVE-2015-4893 — Oracle JDK vulnerability | cvebase