Mallory
Medium | CISA KEV | Exploited in the wild | Public exploit

Java Deployment click-to-play bypass in Oracle Java SE

Identifiers: CVE-2015-4902, CWE-693

CVE-2015-4902 is an unspecified vulnerability in the Deployment component of Oracle Java SE 6u101, 7u85, and 8u60. Oracle states that it allows remote attackers to affect integrity via unknown vectors. The provided context further characterizes the issue as a Java "click-to-play bypass" and notes its use by APT28/Sednit as a defense-evasion mechanism and as a Java 0-day in Sedkit operations. Based on the available information, the flaw appears to permit bypass of a Java security control in the deployment/browser-launch path, but the precise vulnerable function, root cause, and exploit mechanics are not provided in the source material.

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a remote attacker to bypass a Java security feature associated with Deployment/click-to-play behavior and affect integrity. In practical terms, this can reduce or remove a user-facing protection barrier intended to prevent or gate active content execution, enabling follow-on malicious Java content execution or delivery with less user friction. The exact downstream impact beyond integrity effects is not specified in the provided material.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by disabling or removing the Java browser plugin and Java Deployment functionality where not strictly required, enforcing browser controls that block Java content, and restricting execution of untrusted web content. Enterprise controls that prevent or tightly govern Java applet execution and browser plugin use would also reduce exploitability. Monitoring for suspicious Java-driven web activity and exploit-kit delivery chains may provide additional detection value, but the specific exploit indicators for this CVE are not available in the provided content.

Remediation

Patch, then assume compromise.

Apply Oracle's security updates that address CVE-2015-4902 by upgrading from affected releases Oracle Java SE 6u101, 7u85, and 8u60 to a fixed version provided by Oracle. Because the flaw was used as a 0-day in the wild, priority should be given to patching systems where browser-based Java deployment was enabled.
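
A triage sketch for the patch and mitigation guidance above, added here as an example (not Mallory or Oracle code): it reads a host's `java -version` banner and its `deployment.properties` content and puts hosts with browser Java still enabled first in the patch queue. The host names and inventory are constructed; treating any update at or below the listed one as unpatched is an assumption, and `deployment.webjava.enabled` is the Java deployment property behind the "Enable Java content in the browser" setting.

```python
import re

# Releases the page lists as affected: Java SE 6u101, 7u85, 8u60 (family -> update).
AFFECTED = {6: 101, 7: 85, 8: 60}
_BANNER = re.compile(r'version "1\.(\d+)\.0_(\d+)')

def parse_java_version(banner):
    """Return (family, update) from `java -version` output, or None if unrecognised."""
    m = _BANNER.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def parse_properties(text):
    """Minimal key=value reader for deployment.properties content."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def triage(banner, properties_text=""):
    """Classify one host: 'patch-first', 'patch', 'not-listed' or 'unknown'."""
    version = parse_java_version(banner)
    if version is None:
        return "unknown"
    family, update = version
    # Assumption: an update at or below the listed one in the same family is unpatched.
    needs_patch = family in AFFECTED and update <= AFFECTED[family]
    # Java content in the browser stays enabled unless this key is set to false.
    web_java = parse_properties(properties_text).get(
        "deployment.webjava.enabled", "true").lower() != "false"
    if not needs_patch:
        return "not-listed"
    return "patch-first" if web_java else "patch"

# Constructed inventory: (host, `java -version` banner, deployment.properties content).
INVENTORY = [
    ("ws-01", 'java version "1.8.0_60"', ""),
    ("ws-02", 'java version "1.7.0_85"', "deployment.webjava.enabled=false\n"),
    ("ws-03", 'java version "1.8.0_66"', "# defaults\n"),
    ("ws-04", 'openjdk version "11.0.2"', ""),
]

def triage_inventory(inventory=INVENTORY):
    return {host: triage(banner, props) for host, banner, props in inventory}

if __name__ == "__main__":
    for host, verdict in triage_inventory().items():
        print(host, verdict)
```

A `not-listed` verdict only means the release is not one the page names; confirm the fixed version against Oracle's advisory before closing the host out.
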
PUBLIC EXPLOITS

Exploits

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability.

| Vendor | Product | Type |
| --- | --- | --- |
| openSUSE | Leap | operating_system |
| openSUSE | openSUSE | operating_system |
| Oracle | JDK | application |
| Oracle | JRE | application |
| Red Hat | Enterprise Linux Desktop | operating_system |
| Red Hat | Enterprise Linux EUS | operating_system |
| Red Hat | Enterprise Linux EUS Compute Node | operating_system |
| Red Hat | Enterprise Linux for IBM Z Systems | operating_system |
| Red Hat | Enterprise Linux for IBM Z Systems EUS | operating_system |
| Red Hat | Enterprise Linux for Power Big Endian | operating_system |
| Red Hat | Enterprise Linux for Power Big Endian EUS | operating_system |
| Red Hat | Enterprise Linux for Power Little Endian | operating_system |
| Red Hat | Enterprise Linux for Power Little Endian EUS | operating_system |
| Red Hat | Enterprise Linux for Scientific Computing | operating_system |
| Red Hat | Enterprise Linux Server | operating_system |
| Red Hat | Enterprise Linux Server from RHUI | operating_system |
| Red Hat | Enterprise Linux Workstation | operating_system |
| Red Hat | Satellite | application |
| SUSE | Linux Enterprise Module for Legacy | application |
| SUSE | Linux Enterprise Server | operating_system |
| SUSE | Linux Enterprise Software Development Kit | operating_system |

Vendor-confirmed product mapping.