{
  "threat_severity" : "Low",
  "public_date" : "2015-04-14T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)",
    "id" : "1210355",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1210355"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-358",
  "details" : [ "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.", "It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures: its RSA-CRT (Chinese Remainder Theorem) implementation was insufficiently hardened." ],
  "acknowledgement" : "This issue was discovered by Florian Weimer (Red Hat Product Security).",
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0857",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0858",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.95-1jpp.3.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-17T00:00:00Z",
    "advisory" : "RHSA-2015:0854",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0857",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0858",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.95-1jpp.3.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-17T00:00:00Z",
    "advisory" : "RHSA-2015:0854",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0857",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0858",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.95-1jpp.3.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-14T00:00:00Z",
    "advisory" : "RHSA-2015:0807",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.79-2.5.5.2.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0808",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-05-13T00:00:00Z",
    "advisory" : "RHSA-2015:1006",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-05-13T00:00:00Z",
    "advisory" : "RHSA-2015:1007",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1021",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0806",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0808",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0809",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.45-28.b13.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0806",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.ael7b_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0808",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0809",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.45-30.b13.ael7b_1"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2015-06-11T00:00:00Z",
    "advisory" : "RHSA-2015:1091",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2015-06-11T00:00:00Z",
    "advisory" : "RHSA-2015:1091",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-05-13T00:00:00Z",
    "advisory" : "RHSA-2015:1006",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1020",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1021",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 7",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1020",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.ael7b_1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0478\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0478\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA\nhttps://people.redhat.com/~fweimer/rsa-crt-leaks.pdf\nhttps://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/" ],
  "name" : "CVE-2015-0478",
  "csaw" : false
}