{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "DSA-3235", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3235"}, {"name": "74149", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74149"}, {"name": "DSA-3316", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3316"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"}, {"name": "1032120", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032120"}, {"name": "GLSA-201603-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-11"}, {"name": "openSUSE-SU-2015:0773", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html"}, {"name": "DSA-3234", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3234"}, {"name": "RHSA-2015:0809", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0809.html"}, {"name": "RHSA-2015:0854", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2015-0470", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3235", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3235"}, {"name": "74149", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74149"}, {"name": "DSA-3316", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3316"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"}, {"name": "1032120", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032120"}, {"name": "GLSA-201603-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-11"}, {"name": "openSUSE-SU-2015:0773", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html"}, {"name": "DSA-3234", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3234"}, {"name": "RHSA-2015:0809", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0809.html"}, {"name": "RHSA-2015:0854", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:10:11.038Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3235", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3235"}, {"name": "74149", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74149"}, {"name": "DSA-3316", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3316"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"}, {"name": "1032120", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032120"}, {"name": "GLSA-201603-11", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-11"}, {"name": "openSUSE-SU-2015:0773", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html"}, {"name": "DSA-3234", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3234"}, {"name": "RHSA-2015:0809", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0809.html"}, {"name": "RHSA-2015:0854", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2015-0470", "datePublished": "2015-04-16T16:00:00", "dateReserved": "2014-12-17T00:00:00", "dateUpdated": "2024-08-06T04:10:11.038Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*", "matchCriteriaId": "8348D050-22EF-49AC-960A-ADBA1441FFC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update40:*:*:*:*:*:*", "matchCriteriaId": "BB2AF8BC-7643-4CBF-83C0-CA4656AC4FB4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Oracle Java SE 8u40 permite a atacantes remotos afectar la integridad a trav\u00e9s de vectores desconocidos relacionados con Hotspot."}], "evaluatorComment": "Per Oracle: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. (http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html)", "id": "CVE-2015-0470", "lastModified": "2022-05-13T14:57:21.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-16T16:59:24.817", "references": [{"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0809.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.debian.org/security/2015/dsa-3234"}, {"source": "secalert_us@oracle.com", "url": "http://www.debian.org/security/2015/dsa-3235"}, {"source": "secalert_us@oracle.com", "url": "http://www.debian.org/security/2015/dsa-3316"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/74149"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id/1032120"}, {"source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201603-11"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0854", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2015-04-17T00:00:00Z"}, {"advisory": "RHSA-2015:0854", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2015-04-17T00:00:00Z"}, {"advisory": "RHSA-2015:0809", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.8.0-openjdk-1:1.8.0.45-28.b13.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-04-15T00:00:00Z"}, {"advisory": "RHSA-2015:0809", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.8.0-openjdk-1:1.8.0.45-30.b13.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-04-15T00:00:00Z"}], "bugzilla": {"description": "OpenJDK: incorrect handling of default methods (Hotspot, 8065366)", "id": "1211387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211387"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.", "A flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions."], "name": "CVE-2015-0470", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.7.0-oracle", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.7.0-oracle", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.7.0-oracle", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-04-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0470\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0470\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"], "threat_severity": "Moderate"}