{ "threat_severity" : "Low", "public_date" : "2014-10-14T00:00:00Z", "bugzilla" : { "description" : "OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)", "id" : "1151063", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151063" }, "cvss" : { "cvss_base_score" : "2.6", "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status" : "verified" }, "details" : [ "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.", "It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class." ], "affected_release" : [ { "product_name" : "Oracle Java for Red Hat Enterprise Linux 5", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1657", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5", "package" : "java-1.7.0-oracle-1:1.7.0.72-1jpp.4.el5_11" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 5", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1658", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5", "package" : "java-1.6.0-sun-1:1.6.0.85-1jpp.3.el5_11" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1657", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.7.0-oracle-1:1.7.0.72-1jpp.2.el6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1658", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.6.0-sun-1:1.6.0.85-1jpp.2.el6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1657", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.7.0-oracle-1:1.7.0.72-1jpp.2.el7" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2014-10-16T00:00:00Z", "advisory" : "RHSA-2014:1658", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.6.0-sun-1:1.6.0.85-1jpp.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2014-10-14T00:00:00Z", "advisory" : "RHSA-2014:1633", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.7.0-openjdk-1:1.7.0.71-2.5.3.1.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1634", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2014-11-19T00:00:00Z", "advisory" : "RHSA-2014:1876", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.7.0-ibm-1:1.7.0.8.0-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2014-11-19T00:00:00Z", "advisory" : "RHSA-2014:1877", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1881", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.5.0-ibm-1:1.5.0.16.8-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1620", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.7.0-openjdk-1:1.7.0.71-2.5.3.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1634", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el6_6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1636", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.8.0-openjdk-0:1.8.0.25-1.b17.el6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1620", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.7.0-openjdk-1:1.7.0.71-2.5.3.1.el7_0" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2014-10-15T00:00:00Z", "advisory" : "RHSA-2014:1634", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el7_0" }, { "product_name" : "Red Hat Satellite 5.6", "release_date" : "2015-02-24T00:00:00Z", "advisory" : "RHSA-2015:0264", "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5", "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-19T00:00:00Z", "advisory" : "RHSA-2014:1877", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1880", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.7.1-ibm-1:1.7.1.2.0-1jpp.3.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1881", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.5.0-ibm-1:1.5.0.16.8-1jpp.1.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 6", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1882", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.7.0-ibm-1:1.7.0.8.0-1jpp.1.el6_6" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 7", "release_date" : "2014-11-20T00:00:00Z", "advisory" : "RHSA-2014:1880", "cpe" : "cpe:/a:redhat:rhel_extras:7", "package" : "java-1.7.1-ibm-1:1.7.1.2.0-1jpp.3.el7_0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-6558\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6558\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA" ], "name" : "CVE-2014-6558", "csaw" : false }