CVE-2015-4882
OpenJDK: incorrect String object deserialization in IIOPInputStream (CORBA, 8076387)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA.
Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con CORBA.
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-06-24 CVE Reserved
- 2015-10-21 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (36)
URL | Tag | Source |
---|---|---|
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
http://www.securityfocus.com/bid/77181 | Vdb Entry | |
http://www.securitytracker.com/id/1033884 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | 2022-05-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.6.0 Search vendor "Oracle" for product "Jdk" and version "1.6.0" | update101 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.7.0 Search vendor "Oracle" for product "Jdk" and version "1.7.0" | update85 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.8.0 Search vendor "Oracle" for product "Jdk" and version "1.8.0" | update51 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.8.0 Search vendor "Oracle" for product "Jdk" and version "1.8.0" | update60 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.6.0 Search vendor "Oracle" for product "Jre" and version "1.6.0" | update_101 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0" | update_85 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.8.0 Search vendor "Oracle" for product "Jre" and version "1.8.0" | update_51 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.8.0 Search vendor "Oracle" for product "Jre" and version "1.8.0" | update_60 |
Affected
|