National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2015-4872

Change History

Modified Analysis - 10/22/2015 12:04:02 PM

Action Type Old Value New Value
Changed Reference Type
http://www.oracle.com/technetwork/topics/security/alerts-086861.html No Types Assigned
http://www.oracle.com/technetwork/topics/security/alerts-086861.html Advisory, Patch
Added CWE
NVD-CWE-noinfo
Added CVSS V2
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Added Evaluator Description
Per <a href="http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html">LINK</a>:  Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Added CPE Configuration
Configuration 1
     OR
          *cpe:2.3:a:oracle:jre:1.6.0:update_101:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_101:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update_85:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update_85:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.8.0:update_60:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.8.0:update_60:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.8.0:update_51:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.8.0:update_51:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:oracle:jrockit:r28.3.7:*:*:*:*:*:*:*