Search for vulnerabilities
Vulnerability details: VCID-u9pq-umxr-aaaa
Vulnerability ID VCID-u9pq-umxr-aaaa
Aliases CVE-2015-4840
Summary Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-125 Out-of-bounds Read
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4840.html
rhas Important https://access.redhat.com/errata/RHSA-2015:1919
rhas Critical https://access.redhat.com/errata/RHSA-2015:1920
rhas Important https://access.redhat.com/errata/RHSA-2015:1921
rhas Critical https://access.redhat.com/errata/RHSA-2015:1926
rhas Critical https://access.redhat.com/errata/RHSA-2015:1927
rhas Critical https://access.redhat.com/errata/RHSA-2015:2506
rhas Critical https://access.redhat.com/errata/RHSA-2015:2507
rhas Critical https://access.redhat.com/errata/RHSA-2015:2509
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00835 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00835 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00835 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.00835 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.01734 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.02252 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
epss 0.04348 https://api.first.org/data/v1/epss?cve=CVE-2015-4840
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1273338
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2015-4840
generic_textual Medium https://ubuntu.com/security/notices/USN-2784-1
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4840.html
http://rhn.redhat.com/errata/RHSA-2015-1919.html
http://rhn.redhat.com/errata/RHSA-2015-1920.html
http://rhn.redhat.com/errata/RHSA-2015-1921.html
http://rhn.redhat.com/errata/RHSA-2015-1926.html
http://rhn.redhat.com/errata/RHSA-2015-1927.html
http://rhn.redhat.com/errata/RHSA-2015-2506.html
http://rhn.redhat.com/errata/RHSA-2015-2507.html
http://rhn.redhat.com/errata/RHSA-2015-2509.html
https://access.redhat.com/errata/RHSA-2016:1430
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4840.json
https://api.first.org/data/v1/epss?cve=CVE-2015-4840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911
https://security.gentoo.org/glsa/201603-11
https://security.gentoo.org/glsa/201603-14
https://ubuntu.com/security/notices/USN-2784-1
http://www.debian.org/security/2015/dsa-3381
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77242
http://www.securitytracker.com/id/1033884
http://www.ubuntu.com/usn/USN-2784-1
1273338 https://bugzilla.redhat.com/show_bug.cgi?id=1273338
cpe:2.3:a:oracle:jdk:1.7.0:update85:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update85:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update51:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update51:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update60:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update60:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update_85:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update_85:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update_51:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update_51:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update_60:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update_60:*:*:*:*:*:*
CVE-2015-4840 https://nvd.nist.gov/vuln/detail/CVE-2015-4840
RHSA-2015:1919 https://access.redhat.com/errata/RHSA-2015:1919
RHSA-2015:1920 https://access.redhat.com/errata/RHSA-2015:1920
RHSA-2015:1921 https://access.redhat.com/errata/RHSA-2015:1921
RHSA-2015:1926 https://access.redhat.com/errata/RHSA-2015:1926
RHSA-2015:1927 https://access.redhat.com/errata/RHSA-2015:1927
RHSA-2015:2506 https://access.redhat.com/errata/RHSA-2015:2506
RHSA-2015:2507 https://access.redhat.com/errata/RHSA-2015:2507
RHSA-2015:2509 https://access.redhat.com/errata/RHSA-2015:2509
USN-2784-1 https://usn.ubuntu.com/2784-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-4840
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.81961
EPSS Score 0.00789
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.