Exploited
medium
5.3
CWE
284
Advisory Published
CVE Published
Updated

CVE-2015-4902: Oracle Java SE Integrity Check Vulnerability

First published: Tue Oct 20 2015(Updated: )

Oracle Java SE 6u105, 7u91 and 8u65 fixes an unspecified vulnerability in the Deployment component (<a href="https://access.redhat.com/security/cve/CVE-2015-4902">CVE-2015-4902</a>). Upstream has CVSSv2 scored this issue as: 5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N External Reference: <a href="http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA">http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA</a>

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected SoftwareAffected VersionHow to fix
redhat/java<1.7.0-oracle-1:1.7.0.91-1jpp.1.el5_11
1.7.0-oracle-1:1.7.0.91-1jpp.1.el5_11
redhat/java<1.6.0-sun-1:1.6.0.105-1jpp.2.el5_11
1.6.0-sun-1:1.6.0.105-1jpp.2.el5_11
redhat/java<1.8.0-oracle-1:1.8.0.65-1jpp.3.el6_7
1.8.0-oracle-1:1.8.0.65-1jpp.3.el6_7
redhat/java<1.7.0-oracle-1:1.7.0.91-1jpp.1.el6_7
1.7.0-oracle-1:1.7.0.91-1jpp.1.el6_7
redhat/java<1.6.0-sun-1:1.6.0.105-1jpp.2.el6_7
1.6.0-sun-1:1.6.0.105-1jpp.2.el6_7
redhat/java<1.8.0-oracle-1:1.8.0.65-1jpp.3.el7_1
1.8.0-oracle-1:1.8.0.65-1jpp.3.el7_1
redhat/java<1.7.0-oracle-1:1.7.0.91-1jpp.1.el7_1
1.7.0-oracle-1:1.7.0.91-1jpp.1.el7_1
redhat/java<1.6.0-sun-1:1.6.0.105-1jpp.2.el7_1
1.6.0-sun-1:1.6.0.105-1jpp.2.el7_1
redhat/java<1.7.0-ibm-1:1.7.0.9.20-1jpp.1.el5
1.7.0-ibm-1:1.7.0.9.20-1jpp.1.el5
redhat/java<1.6.0-ibm-1:1.6.0.16.15-1jpp.1.el5
1.6.0-ibm-1:1.6.0.16.15-1jpp.1.el5
redhat/java<1.5.0-ibm-1:1.5.0.16.14-1jpp.1.el5
1.5.0-ibm-1:1.5.0.16.14-1jpp.1.el5
redhat/java<1.7.1-ibm-1:1.7.1.3.20-1jpp.1.el6_7
1.7.1-ibm-1:1.7.1.3.20-1jpp.1.el6_7
redhat/java<1.6.0-ibm-1:1.6.0.16.15-1jpp.1.el6_7
1.6.0-ibm-1:1.6.0.16.15-1jpp.1.el6_7
redhat/java<1.5.0-ibm-1:1.5.0.16.14-1jpp.1.el6_7
1.5.0-ibm-1:1.5.0.16.14-1jpp.1.el6_7
redhat/java<1.7.1-ibm-1:1.7.1.3.20-1jpp.1.el7
1.7.1-ibm-1:1.7.1.3.20-1jpp.1.el7
redhat/java<1.8.0-ibm-1:1.8.0.2.0-1jpp.1.el7
1.8.0-ibm-1:1.8.0.2.0-1jpp.1.el7
redhat/java<1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5
1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5
redhat/java<1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7
1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7
redhat/spacewalk-java<0:2.0.2-109.el6
0:2.0.2-109.el6
redhat/spacewalk-java<0:2.3.8-146.el6
0:2.3.8-146.el6
Oracle Java
Oracle JDK 6=1.6.0-update101
Oracle JDK 6=1.7.0-update85
Oracle JDK 6=1.8.0-update60
Oracle Java Runtime Environment (JRE)=1.6.0-update_101
Oracle Java Runtime Environment (JRE)=1.7.0-update_85
Oracle Java Runtime Environment (JRE)=1.8.0-update_60
Oracle Java Runtime Environment (JRE)=1.6.0-update101
Oracle Java Runtime Environment (JRE)=1.7.0-update85
Oracle Java Runtime Environment (JRE)=1.8.0-update60
redhat satellite=5.6
redhat satellite=5.7
redhat enterprise Linux desktop=5.0
redhat enterprise Linux desktop=6.0
redhat enterprise Linux desktop=7.0
redhat enterprise Linux eus=6.7
redhat enterprise Linux eus=7.2
redhat enterprise Linux eus=7.3
redhat enterprise Linux eus=7.4
redhat enterprise Linux eus=7.5
Red Hat Enterprise Linux=7.2
Red Hat Enterprise Linux=7.3
redhat enterprise Linux for ibm z systems=5.0_s390x
redhat enterprise Linux for ibm z systems=6.0_s390x
redhat enterprise Linux for ibm z systems=7.0_s390x
redhat enterprise Linux for ibm z systems eus=6.7_s390x
redhat enterprise Linux for ibm z systems eus=7.2_s390x
redhat enterprise Linux for ibm z systems eus=7.3_s390x
redhat enterprise Linux for ibm z systems eus=7.4_s390x
redhat enterprise Linux for ibm z systems eus=7.5_s390x
redhat enterprise Linux for power big endian=5.0_ppc
redhat enterprise Linux for power big endian=6.0_ppc64
redhat enterprise Linux for power big endian=7.0_ppc64
redhat enterprise Linux for power big endian eus=6.7_ppc64
redhat enterprise Linux for power big endian eus=7.2_ppc64
redhat enterprise Linux for power big endian eus=7.3_ppc64
redhat enterprise Linux for power big endian eus=7.4_ppc64
redhat enterprise Linux for power big endian eus=7.5_ppc64
redhat enterprise Linux for power little endian=7.0_ppc64le
redhat enterprise Linux for power little endian eus=7.2_ppc64le
redhat enterprise Linux for power little endian eus=7.3_ppc64le
redhat enterprise Linux for power little endian eus=7.4_ppc64le
redhat enterprise Linux for power little endian eus=7.5_ppc64le
redhat enterprise Linux for scientific computing=6.0
redhat enterprise Linux for scientific computing=7.0
redhat enterprise Linux server=5.0
redhat enterprise Linux server=6.0
redhat enterprise Linux server=7.0
Red Hat Enterprise Linux Server Supplementary EUS=5.0
Red Hat Enterprise Linux Server Supplementary EUS=6.0
Red Hat Enterprise Linux Server Supplementary EUS=7.0
redhat enterprise Linux workstation=5.0
redhat enterprise Linux workstation=6.0
redhat enterprise Linux workstation=7.0
SUSE Linux Enterprise Module for Legacy=12
openSUSE=42.1
openSUSE=13.2
SUSE Linux Enterprise Server=10-sp4
SUSE Linux Enterprise Server=11-sp2
SUSE Linux Enterprise Server=11-sp3
suse linux enterprise server vmware=11-sp3
SUSE Linux Enterprise Server=11-sp4
SUSE Linux Enterprise Server=12
SUSE Linux Enterprise Server=12-sp1
SUSE Linux Enterprise Software Development Kit=11-sp3
SUSE Linux Enterprise Software Development Kit=11-sp4
SUSE Linux Enterprise Software Development Kit=12
SUSE Linux Enterprise Software Development Kit=12-sp1
=1.6.0-update101
=1.7.0-update85
=1.8.0-update60
=1.6.0-update101
=1.7.0-update85
=1.8.0-update60
=5.6
=5.7
=5.0
=6.0
=7.0
=6.7
=7.2
=7.3
=7.4
=7.5
=7.2
=7.3
=5.0_s390x
=6.0_s390x
=7.0_s390x
=6.7_s390x
=7.2_s390x
=7.3_s390x
=7.4_s390x
=7.5_s390x
=5.0_ppc
=6.0_ppc64
=7.0_ppc64
=6.7_ppc64
=7.2_ppc64
=7.3_ppc64
=7.4_ppc64
=7.5_ppc64
=7.0_ppc64le
=7.2_ppc64le
=7.3_ppc64le
=7.4_ppc64le
=7.5_ppc64le
=6.0
=7.0
=5.0
=6.0
=7.0
=5.0
=6.0
=7.0
=5.0
=6.0
=7.0
=12
=42.1
=13.2
=10-sp4
=11-sp2
=11-sp3
=11-sp3
=11-sp4
=12
=12-sp1
=11-sp3
=11-sp4
=12
=12-sp1

Remedy

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2015-4902?

    CVE-2015-4902 has a CVSSv2 score of 5.0, indicating a medium severity vulnerability.

  • What components are affected by CVE-2015-4902?

    CVE-2015-4902 affects the Deployment component within Oracle Java SE versions 6u105, 7u91, and 8u65.

  • How do I fix CVE-2015-4902?

    To mitigate CVE-2015-4902, update to the fixed versions of Oracle Java SE as recommended by Oracle.

  • What versions of Java are impacted by CVE-2015-4902?

    CVE-2015-4902 impacts Oracle Java SE versions 6u105, 7u91, and 8u65.

  • Is there a known exploit for CVE-2015-4902?

    As of now, specific exploits for CVE-2015-4902 have not been publicly documented.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203