{
  "threat_severity" : "Low",
  "public_date" : "2015-01-20T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)",
    "id" : "1183715",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183715"
  },
  "cvss" : {
    "cvss_base_score" : "4.1",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:S/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.", "A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0080",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.31-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.2.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-20T00:00:00Z",
    "advisory" : "RHSA-2015:0068",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0134",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.8.10-1jpp.4.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0135",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0069",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.31-1.b13.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.2.el7_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el7_0"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2015-02-24T00:00:00Z",
    "advisory" : "RHSA-2015:0264",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2015-02-24T00:00:00Z",
    "advisory" : "RHSA-2015:0263",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0133",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0135",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 7",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0133",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el7_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "java-1.8.0-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "java-1.8.0-oracle",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-6587\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6587\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" ],
  "name" : "CVE-2014-6587",
  "csaw" : false
}