CVE-2015-4911Inefficient Algorithmic Complexity in Oracle JDK

CWE-407Inefficient Algorithmic ComplexityCWE-770Allocation of Resources Without Limits or Throttling11 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
6.6%
top 8.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle JDKOracle JREOracle Jrockit
Timeline
PublishedOct 22
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDoracle/jrockitr28.3.7
NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2

🔴Vulnerability Details

3
GHSA
GHSA-cpw3-m2c6-7wch: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R282022-05-13
OSV
CVE-2015-4911: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R282015-10-21
CVEList
CVE-2015-4911: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R282015-10-21

📋Vendor Advisories

6
Ubuntu
OpenJDK 6 vulnerabilities2015-12-03
Ubuntu
OpenJDK 7 vulnerabilities2015-10-28
Red Hat
OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)2015-10-20
Red Hat
OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)2015-10-20
Red Hat
OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)2015-10-20

💬Community

1
Bugzilla
CVE-2015-4911 OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)2015-10-20
CVE-2015-4911 — Inefficient Algorithmic Complexity | cvebase