{
  "threat_severity" : "Critical",
  "public_date" : "2015-01-20T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)",
    "id" : "1183023",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183023"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.", "An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0080",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.31-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-22T00:00:00Z",
    "advisory" : "RHSA-2015:0079",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.75-1jpp.2.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0086",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.91-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-20T00:00:00Z",
    "advisory" : "RHSA-2015:0068",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0134",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.8.10-1jpp.4.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0135",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0136",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.9-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0069",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.31-1.b13.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.75-2.5.4.2.el7_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-26T00:00:00Z",
    "advisory" : "RHSA-2015:0085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el7_0"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2015-02-24T00:00:00Z",
    "advisory" : "RHSA-2015:0264",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2015-02-24T00:00:00Z",
    "advisory" : "RHSA-2015:0263",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0133",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0135",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0136",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.9-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 7",
    "release_date" : "2015-02-05T00:00:00Z",
    "advisory" : "RHSA-2015:0133",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el7_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "java-1.8.0-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "java-1.8.0-oracle",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0408\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0408\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA" ],
  "name" : "CVE-2015-0408",
  "csaw" : false
}