{ "threat_severity" : "Low", "public_date" : "2014-10-14T00:00:00Z", "bugzilla" : { "description" : "OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)", "id" : "1071210", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1071210" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status" : "verified" }, "cwe" : "CWE-345", "details" : [ "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.", "It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source." ], "acknowledgement" : "This issue was discovered by Florian Weimer (Red Hat Product Security).", "affected_release" : [ { "product_name" : "Oracle Java for Red Hat Enterprise Linux 5", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1657", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5", "package" : "java-1.7.0-oracle-1:1.7.0.72-1jpp.4.el5_11" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 5", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1658", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5", "package" : "java-1.6.0-sun-1:1.6.0.85-1jpp.3.el5_11" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1657", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.7.0-oracle-1:1.7.0.72-1jpp.2.el6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1658", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.6.0-sun-1:1.6.0.85-1jpp.2.el6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1657", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.7.0-oracle-1:1.7.0.72-1jpp.2.el7" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1658", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.6.0-sun-1:1.6.0.85-1jpp.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2014-10-14T00:00:00Z", "advisory" : "RHSA-2014:1633", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.7.0-openjdk-1:1.7.0.71-2.5.3.1.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1634", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2014-11-19T00:00:00Z", "advisory" : "RHSA-2014:1876", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.7.0-ibm-1:1.7.0.8.0-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2014-11-19T00:00:00Z", "advisory" : "RHSA-2014:1877", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1881", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.5.0-ibm-1:1.5.0.16.8-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1620", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.7.0-openjdk-1:1.7.0.71-2.5.3.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1634", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el6_6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1636", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.8.0-openjdk-0:1.8.0.25-1.b17.el6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1620", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.7.0-openjdk-1:1.7.0.71-2.5.3.1.el7_0" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1634", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el7_0" }, { "product_name" : "Red Hat Satellite 5.6", "release_date" : "2015-02-24T00:00:00Z", "advisory" : "RHSA-2015:0264", "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5", "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-19T00:00:00Z", "advisory" : "RHSA-2014:1877", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1880", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.7.1-ibm-1:1.7.1.2.0-1jpp.3.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1881", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.5.0-ibm-1:1.5.0.16.8-1jpp.1.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1882", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.7.0-ibm-1:1.7.0.8.0-1jpp.1.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 7", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1880", "cpe" : "cpe:/a:redhat:rhel_extras:7", "package" : "java-1.7.1-ibm-1:1.7.1.2.0-1jpp.3.el7_0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-6512\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6512\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA" ], "name" : "CVE-2014-6512", "csaw" : false }