Exploited
Advisory Published
CVE Published
Updated

CVE-2015-2590: Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability

First published: Tue Jul 14 2015(Updated: )

An unspecified flaw was found in the Libraries component in OpenJDK. ObjectInputStream's readSerialData() could, in certain cases, incorrectly perform deserialization of data from serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

Credit: secalert_us@oracle.com secalert_us@oracle.com secalert_us@oracle.com

Affected SoftwareAffected VersionHow to fix
Oracle JDK=1.6.0-update95
Oracle JDK=1.7.0-update75
Oracle JDK=1.7.0-update80
Oracle JDK=1.8.0-update_33
Oracle JDK=1.8.0-update45
Oracle JRE=1.6.0-update_95
Oracle JRE=1.7.0-update_75
Oracle JRE=1.7.0-update_80
Oracle JRE=1.8.0-update_33
Oracle JRE=1.8.0-update_45
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=15.04
Debian Debian Linux=7.0
Debian Debian Linux=8.0
SUSE Linux Enterprise Debuginfo=11-sp3
SUSE Linux Enterprise Debuginfo=11-sp4
openSUSE openSUSE=13.1
openSUSE openSUSE=13.2
SUSE Linux Enterprise Desktop=11-sp3
SUSE Linux Enterprise Desktop=11-sp4
SUSE Linux Enterprise Desktop=12
SUSE Linux Enterprise Server=12
Redhat Satellite=5.6
Redhat Satellite=5.7
Redhat Enterprise Linux Desktop=5.0
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Eus=6.6
Redhat Enterprise Linux Eus=6.7
Redhat Enterprise Linux Eus=7.1
Redhat Enterprise Linux Eus=7.2
Redhat Enterprise Linux Eus=7.3
Redhat Enterprise Linux Eus=7.4
Redhat Enterprise Linux Eus=7.5
Redhat Enterprise Linux For Ibm Z Systems=6.0_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus=6.7_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus=7.1_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus=7.2_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus=7.3_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus=7.4_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus=7.5_s390x
Redhat Enterprise Linux For Power Big Endian=6.0_ppc64
Redhat Enterprise Linux For Power Big Endian=7.0_ppc64
Redhat Enterprise Linux For Power Big Endian Eus=6.7_ppc64
Redhat Enterprise Linux For Power Big Endian Eus=7.1_ppc64
Redhat Enterprise Linux For Power Big Endian Eus=7.2_ppc64
Redhat Enterprise Linux For Power Big Endian Eus=7.3_ppc64
Redhat Enterprise Linux For Power Big Endian Eus=7.4_ppc64
Redhat Enterprise Linux For Power Big Endian Eus=7.5_ppc64
Redhat Enterprise Linux For Power Little Endian=7.0_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus=7.1_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus=7.2_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus=7.3_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus=7.4_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus=7.5_ppc64le
Redhat Enterprise Linux Server=5.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=6.6
Redhat Enterprise Linux Server Aus=7.3
Redhat Enterprise Linux Server Aus=7.4
Redhat Enterprise Linux Server Aus=7.6
Redhat Enterprise Linux Server Aus=7.7
Redhat Enterprise Linux Server Tus=6.6
Redhat Enterprise Linux Server Tus=7.3
Redhat Enterprise Linux Server Tus=7.6
Redhat Enterprise Linux Server Tus=7.7
Redhat Enterprise Linux Workstation=5.0
Redhat Enterprise Linux Workstation=6.0
Redhat Enterprise Linux Workstation=7.0
Oracle Java SE
debian/openjdk-8
8u432-b06-2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2015-2590?

    The severity of CVE-2015-2590 is critical with a severity value of 10.

  • Which software versions are affected by CVE-2015-2590?

    Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 are affected by CVE-2015-2590.

  • How can remote attackers exploit CVE-2015-2590?

    Remote attackers can exploit CVE-2015-2590 to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

  • Where can I find more information about CVE-2015-2590?

    You can find more information about CVE-2015-2590 on the Oracle website and the Trend Micro blog.

  • What is the remedy for CVE-2015-2590?

    Apply the patches provided by Oracle and ensure that you are using the latest version of Oracle Java SE or Java SE Embedded.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203