{
  "threat_severity" : "Moderate",
  "public_date" : "2015-01-20T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: directory information leak via file chooser (Swing, 8055304)",
    "id" : "1183043",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183043"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.", "An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0080",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.31-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.2.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-20T00:00:00Z",
    "advisory" : "RHSA-2015:0068",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0134",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.8.10-1jpp.4.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0135",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0136",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.9-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0069",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.31-1.b13.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.2.el7_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el7_0"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2015-02-24T00:00:00Z",
    "advisory" : "RHSA-2015:0264",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2015-02-24T00:00:00Z",
    "advisory" : "RHSA-2015:0263",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0133",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0135",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0136",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.9-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 7",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0133",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el7_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "java-1.8.0-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "java-1.8.0-oracle",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0407\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0407\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" ],
  "name" : "CVE-2015-0407",
  "csaw" : false
}