HTTP: Oracle Java SE CVE-2015-2590 Library Calls Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Oracle Java while loading libraries through unspecified vectors. A successful attack can lead to arbitrary code execution.
Extended Description
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
Affected Products
Canonical ubuntu_linux
Short Name
HTTP:STC:JAVA:JAVASE-LIBCALL-CE
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2015-2590 Calls Code Execution Java Library Oracle Remote SE
Release Date
11/24/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Suse
Redhat
Opensuse
Oracle
Debian
Canonical
CVSS Score
10.0