{ "threat_severity" : "Important", "public_date" : "2014-10-14T00:00:00Z", "bugzilla" : { "description" : "OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)", "id" : "1150155", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1150155" }, "cvss" : { "cvss_base_score" : "6.8", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status" : "verified" }, "details" : [ "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries." ], "affected_release" : [ { "product_name" : "Oracle Java for Red Hat Enterprise Linux 5", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1657", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5", "package" : "java-1.7.0-oracle-1:1.7.0.72-1jpp.4.el5_11" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 5", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1658", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5", "package" : "java-1.6.0-sun-1:1.6.0.85-1jpp.3.el5_11" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1657", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.7.0-oracle-1:1.7.0.72-1jpp.2.el6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1658", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.6.0-sun-1:1.6.0.85-1jpp.2.el6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1657", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.7.0-oracle-1:1.7.0.72-1jpp.2.el7" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1658", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.6.0-sun-1:1.6.0.85-1jpp.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2014-10-14T00:00:00Z", "advisory" : "RHSA-2014:1633", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.7.0-openjdk-1:1.7.0.71-2.5.3.1.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1634", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2014-11-19T00:00:00Z", "advisory" : "RHSA-2014:1876", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.7.0-ibm-1:1.7.0.8.0-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2014-11-19T00:00:00Z", "advisory" : "RHSA-2014:1877", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1881", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.5.0-ibm-1:1.5.0.16.8-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1620", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.7.0-openjdk-1:1.7.0.71-2.5.3.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1634", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el6_6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1636", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.8.0-openjdk-0:1.8.0.25-1.b17.el6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1620", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.7.0-openjdk-1:1.7.0.71-2.5.3.1.el7_0" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1634", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el7_0" }, { "product_name" : "Red Hat Satellite 5.6", "release_date" : "2015-02-24T00:00:00Z", "advisory" : "RHSA-2015:0264", "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5", "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-19T00:00:00Z", "advisory" : "RHSA-2014:1877", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1880", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.7.1-ibm-1:1.7.1.2.0-1jpp.3.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1881", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.5.0-ibm-1:1.5.0.16.8-1jpp.1.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1882", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.7.0-ibm-1:1.7.0.8.0-1jpp.1.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 7", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1880", "cpe" : "cpe:/a:redhat:rhel_extras:7", "package" : "java-1.7.1-ibm-1:1.7.1.2.0-1jpp.3.el7_0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-6506\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6506\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA" ], "name" : "CVE-2014-6506", "csaw" : false }