Multiple vulnerabilities were reported in Oracle Java SE. A remote user can gain elevated privileges. A remote user can access and modify data on the target system. A remote user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system.
Is Spectrum affected by the following Java vulnerabilities?
A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges [CVE-2015-4835, CVE-2015-4881].
A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges [CVE-2015-4843, CVE-2015-4868].
A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges [CVE-2015-4860, CVE-2015-4883].
A remote user can exploit a flaw in the Embedded Serialization component to gain elevated privileges [CVE-2015-4805].
A remote user can exploit a flaw in the Embedded 2D component to gain elevated privileges [CVE-2015-4844].
A remote user can exploit a flaw in the JavaFX component to gain elevated privileges [CVE-2015-4901].
A local user can exploit a flaw in the Java SE Deployment component to gain elevated privileges [CVE-2015-4810].
A remote user can exploit a flaw in the Java SE Embedded Libraries component to partially access and partially modify data [CVE-2015-4806].
A remote user can exploit a flaw in the Java SE Libraries component to partially access and partially modify data [CVE-2015-4871].
A remote user can exploit a flaw in the Java SE Deployment component to partially modify data [CVE-2015-4902].
A remote user can exploit a flaw in the Embedded 2D component to partially access data [CVE-2015-4840].
A remote user can exploit a flaw in the Embedded CORBA component to cause partial denial of service conditions [CVE-2015-4882].
A remote user can exploit a flaw in the Embedded JAXP component to partially access data [CVE-2015-4842].
A remote user can exploit a flaw in the Embedded JGSS component to partially access data [CVE-2015-4734].
A remote user can exploit a flaw in the Embedded RMI component to partially access data [CVE-2015-4903].
A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions [CVE-2015-4803, CVE-2015-4893, CVE-2015-4911].
A remote user can exploit a flaw in the JRockit Security component to partially modify data [CVE-2015-4872].
A remote user can exploit a flaw in the JavaFX component to partially access data [CVE-2015-4906, CVE-2015-4908, CVE-2015-4916].
Impact:
A remote user can obtain data on the target system.
A remote user can modify data on the target system.
A remote user can cause denial of service conditions.
A local user can obtain elevated privileges on the target system.
A remote user can gain elevated privileges on the target system.
Affected OS(s):
Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
Affected Version(s):
6u101, 7u85, 8u60; Embedded 8u51
CVE:
CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4901, CVE-2015-4902, CVE-2015-4903, CVE-2015-4906, CVE-2015-4908, CVE-2015-4911, CVE-2015-4916
Spectrum 10.2 addresses these Java vulnerabilities.
Oracle has issued a fix as part of the October 2015 Oracle Critical Patch Update.
The vendor's advisory is available at:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html