CVE-2015-4843

Oracle Java SE <8 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4843. PoCs published by Soteria-Research.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2015-4843, demonstrating type confusion and overflow vulnerabilities in Java. The exploit leverages memory manipulation to disable the Java Security Manager, showcasing the vulnerability's impact on managed runtimes.

Description

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Exploits (1)

nomisec WORKING POC
by Soteria-Research · poc
https://github.com/Soteria-Research/cve-2015-4843-type-confusion-phrack

This repository contains a proof-of-concept exploit for CVE-2015-4843, demonstrating type confusion and overflow vulnerabilities in Java. The exploit leverages memory manipulation to disable the Java Security Manager, showcasing the vulnerability's impact on managed runtimes.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Java Runtime Environment (JRE) with vulnerable versions affected by CVE-2015-4843
No auth needed
Prerequisites: Access to a vulnerable JRE environment · Ability to execute Java code on the target system
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (35)

Core 35
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2507.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1928.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2506.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2509.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1919.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201603-11
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1920.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2518.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201603-14
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1927.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1921.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3381
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1926.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/77160
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2508.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2784-1
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1430
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033884
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2827-1

Scores

EPSS 0.0999
EPSS Percentile 95.1%

Details

Status published
Products (6)
oracle/jdk 1.6.0 update101
oracle/jdk 1.7.0 update85
oracle/jdk 1.8.0 update51 (2 CPE variants)
oracle/jre 1.6.0 update_101
oracle/jre 1.7.0 update_85
oracle/jre 1.8.0 update_51 (2 CPE variants)
Published Oct 21, 2015
Tracked Since Feb 18, 2026