{
  "threat_severity" : "Low",
  "public_date" : "2015-01-20T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)",
    "id" : "1123870",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1123870"
  },
  "cvss" : {
    "cvss_base_score" : "3.3",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:N/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-377",
  "details" : [ "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.", "Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack." ],
  "acknowledgement" : "This issue was discovered by Red Hat.",
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0080",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.31-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.2.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-20T00:00:00Z",
    "advisory" : "RHSA-2015:0068",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0069",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.31-1.b13.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.2.el7_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el7_0"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0383\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0383\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" ],
  "name" : "CVE-2015-0383",
  "csaw" : false
}