VAR-201504-0247
Vulnerability from variot - Updated: 2025-12-22 22:03The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. (plaintext-recovery attack) There is a vulnerability that can be executed. RC4 is a stream encryption algorithm with variable key length developed by American software developer Ronald Rivest. The algorithm consists of a pseudo-random number generator and an XOR operation, and supports encryption and decryption using the same key. There is a security loophole in the RC4 algorithm used in the TLS protocol and the SSL protocol.
For the oldstable distribution (wheezy), these problems have been fixed in version 7u79-2.5.6-1~deb7u1.
For the stable distribution (jessie), these problems have been fixed in version 7u79-2.5.6-1~deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7u79-2.5.6-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04779034
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04779034 Version: 2
HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-09-15 Last Updated: 2015-10-01
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerabilities have been identified with HP P6000 Command View Software . They are the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", and the RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" which could be exploited remotely to allow disclosure of information.
References:
CVE-2014-3566 - "POODLE" CVE-2015-2808 - "Bar Mitzvah" SSRT102013
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP P6000 Command View Software v10.3.6 and earlier running on Windows and Linux
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software update to resolve the vulnerability in HP P6000 Command View Software.
HP P6000 Command View Software v10.3.7
The HP P6000 Command View 10.3.7 software can be obtained at the HP Support Center here: http://h20565.www2.hpe.com/portal/site/hpsc by signing into your HP Passport account. Note: A valid HP Passport account is required to access this software. For more information about downloading this software, contact your HP representative.
HISTORY Version:1 (rev.1) - 15 September 2015 Initial release Version:2 (rev.2) - 1 October 2015 Added CVE-2015-2808, added documentation on how to find the update.
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-2696-1 July 30, 2015
openjdk-7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenJDK 7.
Software Description: - openjdk-7: Open Source Java implementation
Details:
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748)
Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. An attacker could exploit these to expose sensitive data over the network. A remote attacker could exploit this to cause a denial of service. (CVE-2015-4749)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: icedtea-7-jre-jamvm 7u79-2.5.6-0ubuntu1.15.04.1 openjdk-7-jdk 7u79-2.5.6-0ubuntu1.15.04.1 openjdk-7-jre 7u79-2.5.6-0ubuntu1.15.04.1 openjdk-7-jre-headless 7u79-2.5.6-0ubuntu1.15.04.1 openjdk-7-jre-lib 7u79-2.5.6-0ubuntu1.15.04.1 openjdk-7-jre-zero 7u79-2.5.6-0ubuntu1.15.04.1
Ubuntu 14.04 LTS: icedtea-7-jre-jamvm 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-jdk 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-jre 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-jre-headless 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-jre-lib 7u79-2.5.6-0ubuntu1.14.04.1 openjdk-7-jre-zero 7u79-2.5.6-0ubuntu1.14.04.1
This update uses a new upstream release, which includes additional bug fixes.
- The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. HP Integration Adaptor v9.12. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2015:1526-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1526.html Issue date: 2015-07-30 CVE Names: CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.
Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)
A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601)
A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808)
Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change.
A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000)
Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change.
It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749)
Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)
A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625)
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher 1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694) 1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) 1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376) 1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) 1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) 1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) 1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) 1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) 1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) 1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) 1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715) 1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.src.rpm
i386: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.i386.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.i386.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.i386.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.src.rpm
i386: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.i386.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.i386.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.i386.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.i686.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm
ppc64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm
s390x: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.s390x.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.s390x.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.s390x.rpm
x86_64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm
s390x: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.s390x.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.s390x.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.s390x.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.s390x.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-2590 https://access.redhat.com/security/cve/CVE-2015-2601 https://access.redhat.com/security/cve/CVE-2015-2621 https://access.redhat.com/security/cve/CVE-2015-2625 https://access.redhat.com/security/cve/CVE-2015-2628 https://access.redhat.com/security/cve/CVE-2015-2632 https://access.redhat.com/security/cve/CVE-2015-2808 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2015-4731 https://access.redhat.com/security/cve/CVE-2015-4732 https://access.redhat.com/security/cve/CVE-2015-4733 https://access.redhat.com/security/cve/CVE-2015-4748 https://access.redhat.com/security/cve/CVE-2015-4749 https://access.redhat.com/security/cve/CVE-2015-4760 https://access.redhat.com/security/updates/classification/#important https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11 https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVulvzXlSAg2UNWIIRAmaeAJoCxD34LErxdkOHHsYpS21hu8NJ7ACgnbxy AM58F212G/DZWyApoAfiS38= =UmAX -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 5) - i386, ppc, s390x, x86_64
- Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
606442 - CVE-2005-1080 jar: directory traversal vulnerability 1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher 1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726) 1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) 1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320) 1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601) 1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720) 1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D) 1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D) 1211771 - CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment) 1219212 - CVE-2015-0192 IBM JDK: unspecified Java sandbox restrictions bypass 1219215 - CVE-2015-1914 IBM JDK: unspecified partial Java sandbox restrictions bypass 1219223 - CVE-2015-0138 IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0247",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "s3700",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "sparc enterprise m5000",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp_1121"
},
{
"model": "smc2.0",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r002c01"
},
{
"model": "integrated lights out manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.0"
},
{
"model": "smc2.0",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r002c04"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "oceanstor 18500",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "communications application session controller",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "communications application session controller",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.9.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "oceanstor 18800f",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s6800t",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "sparc enterprise m3000",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "s5700hi",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "cognos metrics manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "oceanstor 9000",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "s5720ei",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.1.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "oceanstor cse",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "s2750",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.1"
},
{
"model": "oceanstor s2600t",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "policy center",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r003c00"
},
{
"model": "sparc enterprise m4000",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp_1121"
},
{
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "cognos metrics manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "integrated lights out manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.11"
},
{
"model": "cognos metrics manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "sparc enterprise m8000",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp_1121"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "integrated lights out manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.4"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "oceanstor hvs85t",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "oceanstor s5800t",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "te60",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "communications policy management",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.9.2"
},
{
"model": "integrated lights out manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "s6700",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "oceanstor s5500t",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "sparc enterprise m9000",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp_1121"
},
{
"model": "ultravr",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r003c00"
},
{
"model": "cognos metrics manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.6"
},
{
"model": "oceanstor replicationdirector",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r003c00"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "oceanstor vis6600t",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "quidway s9300",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "s12700",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "s5710ei",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "s5720hi",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "e6000",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "smc2.0",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r002c03"
},
{
"model": "oceanstor s5600t",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "cognos metrics manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "sparc enterprise m3000",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp_1121"
},
{
"model": "s7700",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "s5700ei",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "s5700s-li",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "s5700si",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "sparc enterprise m4000",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp"
},
{
"model": "manager",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "1.7"
},
{
"model": "s5700li",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "s2700",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "e9000",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "sparc enterprise m5000",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp"
},
{
"model": "policy center",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r003c10"
},
{
"model": "smc2.0",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r002c02"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "9700",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "s5710hi",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "sparc enterprise m8000",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "sparc enterprise m9000",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp"
},
{
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "oceanstor 18800",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "hitachi developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hp transactionvision",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "hp release control",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "jp1/it desktop management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "hitachi application server for developers",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "opera",
"scope": null,
"trust": 0.8,
"vendor": "opera asa",
"version": null
},
{
"model": "oracle java se",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "oracle jrockit",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "cosminexus primary server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "microsoft internet explorer",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "glassfish",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "hp business process insight",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "oracle communications policy management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "job management partner 1/it desktop management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "sparc enterprise m9000 \u30b5\u30fc\u30d0",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "sparc enterprise m4000 \u30b5\u30fc\u30d0",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "jdk",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "ucosminexus server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus operator",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hpe data protector",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
"version": null
},
{
"model": "jre",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "jboss enterprise application server",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "hp business process monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "sun glassfish enterprise server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "ucosminexus client",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "microsoft iis",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "sparc enterprise m5000 \u30b5\u30fc\u30d0",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "sparc enterprise m8000 \u30b5\u30fc\u30d0",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "xcp",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "sparc enterprise m3000 \u30b5\u30fc\u30d0",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "websphere application server",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "cosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi web server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "firefox",
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002044"
},
{
"db": "NVD",
"id": "CVE-2015-2808"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "133836"
},
{
"db": "PACKETSTORM",
"id": "132890"
},
{
"db": "PACKETSTORM",
"id": "133329"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "132345"
},
{
"db": "PACKETSTORM",
"id": "132872"
}
],
"trust": 0.6
},
"cve": "CVE-2015-2808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2808",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2808",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-80769",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2808",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2808",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-80769",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80769"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002044"
},
{
"db": "NVD",
"id": "CVE-2015-2808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue. (plaintext-recovery attack) There is a vulnerability that can be executed. RC4 is a stream encryption algorithm with variable key length developed by American software developer Ronald Rivest. The algorithm consists of a pseudo-random number generator and an XOR operation, and supports encryption and decryption using the same key. There is a security loophole in the RC4 algorithm used in the TLS protocol and the SSL protocol. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 7u79-2.5.6-1~deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7u79-2.5.6-1~deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u79-2.5.6-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04779034\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04779034\nVersion: 2\n\nHPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-09-15\nLast Updated: 2015-10-01\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerabilities have been identified with HP P6000\nCommand View Software . They are the SSLv3 vulnerability known as \"Padding\nOracle on Downgraded Legacy Encryption\" also known as \"POODLE\", and the RC4\nstream cipher vulnerability in SSL/TLS known as \"Bar Mitzvah\" which could be\nexploited remotely to allow disclosure of information. \n\nReferences:\n\nCVE-2014-3566 - \"POODLE\"\nCVE-2015-2808 - \"Bar Mitzvah\"\nSSRT102013\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP P6000 Command View Software v10.3.6 and earlier running on Windows and\nLinux\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software update to resolve the vulnerability in\nHP P6000 Command View Software. \n\nHP P6000 Command View Software v10.3.7\n\nThe HP P6000 Command View 10.3.7 software can be obtained at the HP Support\nCenter here: http://h20565.www2.hpe.com/portal/site/hpsc by signing into your\nHP Passport account. \nNote: A valid HP Passport account is required to access this software. For\nmore information about downloading this software, contact your HP\nrepresentative. \n\nHISTORY\nVersion:1 (rev.1) - 15 September 2015 Initial release\nVersion:2 (rev.2) - 1 October 2015 Added CVE-2015-2808, added documentation\non how to find the update. \n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-2696-1\nJuly 30, 2015\n\nopenjdk-7 vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK 7. \n\nSoftware Description:\n- openjdk-7: Open Source Java implementation\n\nDetails:\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity, and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731,\nCVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748)\n\nSeveral vulnerabilities were discovered in the cryptographic components\nof the OpenJDK JRE. An attacker could exploit these to expose sensitive\ndata over the network. An attacker could exploit these to expose\nsensitive data over the network. A remote attacker could exploit\nthis to cause a denial of service. (CVE-2015-4749)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n icedtea-7-jre-jamvm 7u79-2.5.6-0ubuntu1.15.04.1\n openjdk-7-jdk 7u79-2.5.6-0ubuntu1.15.04.1\n openjdk-7-jre 7u79-2.5.6-0ubuntu1.15.04.1\n openjdk-7-jre-headless 7u79-2.5.6-0ubuntu1.15.04.1\n openjdk-7-jre-lib 7u79-2.5.6-0ubuntu1.15.04.1\n openjdk-7-jre-zero 7u79-2.5.6-0ubuntu1.15.04.1\n\nUbuntu 14.04 LTS:\n icedtea-7-jre-jamvm 7u79-2.5.6-0ubuntu1.14.04.1\n openjdk-7-jdk 7u79-2.5.6-0ubuntu1.14.04.1\n openjdk-7-jre 7u79-2.5.6-0ubuntu1.14.04.1\n openjdk-7-jre-headless 7u79-2.5.6-0ubuntu1.14.04.1\n openjdk-7-jre-lib 7u79-2.5.6-0ubuntu1.14.04.1\n openjdk-7-jre-zero 7u79-2.5.6-0ubuntu1.14.04.1\n\nThis update uses a new upstream release, which includes additional\nbug fixes. \n\n - The TLS vulnerability using US export-grade 512-bit keys in\nDiffie-Hellman key exchange known as \"Logjam\" could be exploited remotely to\nallow unauthorized modification. \nHP Integration Adaptor v9.12. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: java-1.6.0-openjdk security update\nAdvisory ID: RHSA-2015:1526-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1526.html\nIssue date: 2015-07-30\nCVE Names: CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 \n CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 \n CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 \n CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 \n CVE-2015-4749 CVE-2015-4760 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 5, 6, and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, x86_64\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit. \n\nMultiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2015-4760,\nCVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)\n\nA flaw was found in the way the Libraries component of OpenJDK verified\nOnline Certificate Status Protocol (OCSP) responses. An OCSP response with\nno nextUpdate date specified was incorrectly handled as having unlimited\nvalidity, possibly causing a revoked X.509 certificate to be interpreted as\nvalid. (CVE-2015-4748)\n\nIt was discovered that the JCE component in OpenJDK failed to use constant\ntime comparisons in multiple cases. An attacker could possibly use these\nflaws to disclose sensitive information by measuring the time used to\nperform operations using these non-constant time comparisons. \n(CVE-2015-2601)\n\nA flaw was found in the RC4 encryption algorithm. When using certain keys\nfor RC4 encryption, an attacker could obtain portions of the plain text\nfrom the cipher text without the knowledge of the encryption key. \n(CVE-2015-2808)\n\nNote: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by\ndefault to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug\n1207101, linked to in the References section, for additional details about\nthis change. \n\nA flaw was found in the way the TLS protocol composed the Diffie-Hellman\n(DH) key exchange. A man-in-the-middle attacker could use this flaw to\nforce the use of weak 512 bit export-grade keys during the key exchange,\nallowing them to decrypt all traffic. (CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenJDK to\nreject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,\nlinked to in the References section, for additional details about this\nchange. \n\nIt was discovered that the JNDI component in OpenJDK did not handle DNS\nresolutions correctly. An attacker able to trigger such DNS errors could\ncause a Java application using JNDI to consume memory and CPU time, and\npossibly block further DNS resolution. (CVE-2015-4749)\n\nMultiple information leak flaws were found in the JMX and 2D components in\nOpenJDK. An untrusted Java application or applet could use this flaw to\nbypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)\n\nA flaw was found in the way the JSSE component in OpenJDK performed X.509\ncertificate identity verification when establishing a TLS/SSL connection to\na host identified by an IP address. In certain cases, the certificate was\naccepted as valid if it was issued for a host name to which the IP address\nresolves rather than for the IP address. (CVE-2015-2625)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207101 - CVE-2015-2808 SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)\n1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)\n1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)\n1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)\n1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)\n1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)\n1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)\n1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)\n1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)\n1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)\n1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)\n1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el5_11.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm\n\nppc64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm\n\ns390x:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.s390x.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.s390x.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.s390x.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.ppc64.rpm\n\ns390x:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.s390x.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.s390x.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.s390x.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.s390x.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.36-1.13.8.1.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-2590\nhttps://access.redhat.com/security/cve/CVE-2015-2601\nhttps://access.redhat.com/security/cve/CVE-2015-2621\nhttps://access.redhat.com/security/cve/CVE-2015-2625\nhttps://access.redhat.com/security/cve/CVE-2015-2628\nhttps://access.redhat.com/security/cve/CVE-2015-2632\nhttps://access.redhat.com/security/cve/CVE-2015-2808\nhttps://access.redhat.com/security/cve/CVE-2015-4000\nhttps://access.redhat.com/security/cve/CVE-2015-4731\nhttps://access.redhat.com/security/cve/CVE-2015-4732\nhttps://access.redhat.com/security/cve/CVE-2015-4733\nhttps://access.redhat.com/security/cve/CVE-2015-4748\nhttps://access.redhat.com/security/cve/CVE-2015-4749\nhttps://access.redhat.com/security/cve/CVE-2015-4760\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVulvzXlSAg2UNWIIRAmaeAJoCxD34LErxdkOHHsYpS21hu8NJ7ACgnbxy\nAM58F212G/DZWyApoAfiS38=\n=UmAX\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 5) - i386, ppc, s390x, x86_64\n\n3. Further information\nabout these flaws can be found on the IBM Java Security alerts page, listed\nin the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n606442 - CVE-2005-1080 jar: directory traversal vulnerability\n1207101 - CVE-2015-2808 SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher\n1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)\n1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)\n1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)\n1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)\n1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)\n1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)\n1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)\n1211771 - CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)\n1219212 - CVE-2015-0192 IBM JDK: unspecified Java sandbox restrictions bypass\n1219215 - CVE-2015-1914 IBM JDK: unspecified partial Java sandbox restrictions bypass\n1219223 - CVE-2015-0138 IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2808"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002044"
},
{
"db": "VULHUB",
"id": "VHN-80769"
},
{
"db": "PACKETSTORM",
"id": "132835"
},
{
"db": "PACKETSTORM",
"id": "133836"
},
{
"db": "PACKETSTORM",
"id": "132890"
},
{
"db": "PACKETSTORM",
"id": "132894"
},
{
"db": "PACKETSTORM",
"id": "133329"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "132900"
},
{
"db": "PACKETSTORM",
"id": "132989"
},
{
"db": "PACKETSTORM",
"id": "131895"
},
{
"db": "PACKETSTORM",
"id": "132345"
},
{
"db": "PACKETSTORM",
"id": "132872"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-80769",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80769"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2808",
"trust": 3.8
},
{
"db": "BID",
"id": "91787",
"trust": 1.1
},
{
"db": "BID",
"id": "73684",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032788",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033737",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032734",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033432",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033071",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036222",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032708",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032868",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032990",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033072",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032910",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032858",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032600",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032599",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032707",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033386",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033415",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033431",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033769",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10705",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10727",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10783",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10163",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-160-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95298925",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002044",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "132872",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "133337",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132890",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "133329",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132345",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132592",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133330",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133392",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133336",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132891",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133391",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132753",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137746",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136773",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133366",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136248",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201503-654",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-80769",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132835",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133836",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132894",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132900",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132989",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131895",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80769"
},
{
"db": "PACKETSTORM",
"id": "132835"
},
{
"db": "PACKETSTORM",
"id": "133836"
},
{
"db": "PACKETSTORM",
"id": "132890"
},
{
"db": "PACKETSTORM",
"id": "132894"
},
{
"db": "PACKETSTORM",
"id": "133329"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "132900"
},
{
"db": "PACKETSTORM",
"id": "132989"
},
{
"db": "PACKETSTORM",
"id": "131895"
},
{
"db": "PACKETSTORM",
"id": "132345"
},
{
"db": "PACKETSTORM",
"id": "132872"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002044"
},
{
"db": "NVD",
"id": "CVE-2015-2808"
}
]
},
"id": "VAR-201504-0247",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80769"
}
],
"trust": 0.6702648333333333
},
"last_update_date": "2025-12-22T22:03:15.048000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2017-109",
"trust": 0.8,
"url": "https://www.google.co.jp/chrome/browser/desktop/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002044"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "Cryptographic problems (CWE-310) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80769"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002044"
},
{
"db": "NVD",
"id": "CVE-2015-2808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.blackhat.com/docs/asia-15/materials/asia-15-mantin-bar-mitzvah-attack-breaking-ssl-with-13-year-old-rc4-weakness-wp.pdf"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1007.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1526.html"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2696-1"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2706-1"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv71888"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv71892"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/73684"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04779034"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21903565"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960015"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-454055"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04770140"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04772190"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773119"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773256"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04832246"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04926789"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04708650"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04711380"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05085988"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05193347"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05289935"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05336888"
},
{
"trust": 1.1,
"url": "https://kb.juniper.net/jsa10783"
},
{
"trust": 1.1,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098709"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04687922"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1006.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1020.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1021.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1091.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1228.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1229.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1230.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1241.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1242.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1243.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032599"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032600"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032707"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032708"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032734"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032788"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032858"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032868"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032910"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032990"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033071"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033072"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033386"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033415"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033431"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033432"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033737"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033769"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036222"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2808"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10163"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"trust": 1.0,
"url": "https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10727"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95298925/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2808"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20150715-jre.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2015/at150022.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01"
},
{
"trust": 0.6,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.6,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4732"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2628"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4760"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2601"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2632"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2621"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2625"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2590"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4733"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4749"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4731"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4748"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2613"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.3,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0477"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0480"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0478"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0469"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0488"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2808"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10727"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10163"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143456209711959\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143629696317098\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143818140118771\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143817899717054\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143817021313142\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144060576831314\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144069189622016\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144104565600964\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144060606031437\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144102017024820\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144059660127919\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144059703728085\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144043644216842\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143741441012338\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144104533800819\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144493176821532\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0470"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0460"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://h20565.www2.hpe.com/portal/site/hpsc"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"trust": 0.1,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/logjam"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u79-2.5.6-0ubuntu1.15.04.1"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/face"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4760"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-2621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-2601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4000"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-2632"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4731"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-2625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-2590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-2628"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b36-1.13.8-0ubuntu1~12.04"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0458"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1914"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0458"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0491"
},
{
"trust": 0.1,
"url": "https://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1080"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2005-1080"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0138"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0477"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-1914"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-0488"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80769"
},
{
"db": "PACKETSTORM",
"id": "132835"
},
{
"db": "PACKETSTORM",
"id": "133836"
},
{
"db": "PACKETSTORM",
"id": "132890"
},
{
"db": "PACKETSTORM",
"id": "132894"
},
{
"db": "PACKETSTORM",
"id": "133329"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "132900"
},
{
"db": "PACKETSTORM",
"id": "132989"
},
{
"db": "PACKETSTORM",
"id": "131895"
},
{
"db": "PACKETSTORM",
"id": "132345"
},
{
"db": "PACKETSTORM",
"id": "132872"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002044"
},
{
"db": "NVD",
"id": "CVE-2015-2808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-80769"
},
{
"db": "PACKETSTORM",
"id": "132835"
},
{
"db": "PACKETSTORM",
"id": "133836"
},
{
"db": "PACKETSTORM",
"id": "132890"
},
{
"db": "PACKETSTORM",
"id": "132894"
},
{
"db": "PACKETSTORM",
"id": "133329"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "132900"
},
{
"db": "PACKETSTORM",
"id": "132989"
},
{
"db": "PACKETSTORM",
"id": "131895"
},
{
"db": "PACKETSTORM",
"id": "132345"
},
{
"db": "PACKETSTORM",
"id": "132872"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002044"
},
{
"db": "NVD",
"id": "CVE-2015-2808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-80769"
},
{
"date": "2015-07-27T15:36:14",
"db": "PACKETSTORM",
"id": "132835"
},
{
"date": "2015-10-05T18:34:37",
"db": "PACKETSTORM",
"id": "133836"
},
{
"date": "2015-08-03T01:13:15",
"db": "PACKETSTORM",
"id": "132890"
},
{
"date": "2015-08-03T01:14:40",
"db": "PACKETSTORM",
"id": "132894"
},
{
"date": "2015-08-26T15:58:53",
"db": "PACKETSTORM",
"id": "133329"
},
{
"date": "2015-08-26T23:41:29",
"db": "PACKETSTORM",
"id": "133337"
},
{
"date": "2015-08-03T01:16:29",
"db": "PACKETSTORM",
"id": "132900"
},
{
"date": "2015-08-07T04:04:00",
"db": "PACKETSTORM",
"id": "132989"
},
{
"date": "2015-05-13T19:45:45",
"db": "PACKETSTORM",
"id": "131895"
},
{
"date": "2015-06-17T23:50:12",
"db": "PACKETSTORM",
"id": "132345"
},
{
"date": "2015-07-28T23:38:00",
"db": "PACKETSTORM",
"id": "132872"
},
{
"date": "2015-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002044"
},
{
"date": "2015-04-01T02:00:35.097000",
"db": "NVD",
"id": "CVE-2015-2808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-80769"
},
{
"date": "2022-06-13T05:54:00",
"db": "JVNDB",
"id": "JVNDB-2015-002044"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2808"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TLS\u00a0 Protocol and \u00a0SSL\u00a0 Used in the protocol \u00a0RC4\u00a0 Plaintext recovery attack vulnerability in algorithm to first byte of stream",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002044"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "132894"
},
{
"db": "PACKETSTORM",
"id": "132989"
}
],
"trust": 0.2
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.