Attacker Value
Unknown
(1 user assessed)
Exploitability
Unknown
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
2

CVE-2015-2590

Disclosure Date: July 16, 2015
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

Add Assessment

1
Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • canonical,
  • debian,
  • opensuse,
  • oracle,
  • redhat,
  • suse

Products

  • debian linux 7.0,
  • debian linux 8.0,
  • enterprise linux desktop 5.0,
  • enterprise linux desktop 6.0,
  • enterprise linux desktop 7.0,
  • enterprise linux eus 6.6,
  • enterprise linux eus 6.7,
  • enterprise linux eus 7.1,
  • enterprise linux eus 7.2,
  • enterprise linux eus 7.3,
  • enterprise linux eus 7.4,
  • enterprise linux eus 7.5,
  • enterprise linux for ibm z systems 6.0 s390x,
  • enterprise linux for ibm z systems eus 6.7 s390x,
  • enterprise linux for ibm z systems eus 7.1 s390x,
  • enterprise linux for ibm z systems eus 7.2 s390x,
  • enterprise linux for ibm z systems eus 7.3 s390x,
  • enterprise linux for ibm z systems eus 7.4 s390x,
  • enterprise linux for ibm z systems eus 7.5 s390x,
  • enterprise linux for power big endian 6.0 ppc64,
  • enterprise linux for power big endian 7.0 ppc64,
  • enterprise linux for power big endian eus 6.7 ppc64,
  • enterprise linux for power big endian eus 7.1 ppc64,
  • enterprise linux for power big endian eus 7.2 ppc64,
  • enterprise linux for power big endian eus 7.3 ppc64,
  • enterprise linux for power big endian eus 7.4 ppc64,
  • enterprise linux for power big endian eus 7.5 ppc64,
  • enterprise linux for power little endian 7.0 ppc64le,
  • enterprise linux for power little endian eus 7.1 ppc64le,
  • enterprise linux for power little endian eus 7.2 ppc64le,
  • enterprise linux for power little endian eus 7.3 ppc64le,
  • enterprise linux for power little endian eus 7.4 ppc64le,
  • enterprise linux for power little endian eus 7.5 ppc64le,
  • enterprise linux server 5.0,
  • enterprise linux server 6.0,
  • enterprise linux server 7.0,
  • enterprise linux server aus 6.6,
  • enterprise linux server aus 7.3,
  • enterprise linux server aus 7.4,
  • enterprise linux server aus 7.6,
  • enterprise linux server aus 7.7,
  • enterprise linux server tus 6.6,
  • enterprise linux server tus 7.3,
  • enterprise linux server tus 7.6,
  • enterprise linux server tus 7.7,
  • enterprise linux workstation 5.0,
  • enterprise linux workstation 6.0,
  • enterprise linux workstation 7.0,
  • jdk 1.6.0,
  • jdk 1.7.0,
  • jdk 1.8.0,
  • jre 1.6.0,
  • jre 1.7.0,
  • jre 1.8.0,
  • linux enterprise debuginfo 11,
  • linux enterprise desktop 11,
  • linux enterprise desktop 12,
  • linux enterprise server 12,
  • opensuse 13.1,
  • opensuse 13.2,
  • satellite 5.6,
  • satellite 5.7,
  • ubuntu linux 12.04,
  • ubuntu linux 14.04,
  • ubuntu linux 15.04

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis