{
  "threat_severity" : "Low",
  "public_date" : "2005-01-04T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: jar directory traversal issues (Tools, 8064601)",
    "id" : "1211504",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211504"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-22",
  "details" : [ "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.", "A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0857",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0858",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.95-1jpp.3.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-17T00:00:00Z",
    "advisory" : "RHSA-2015:0854",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0857",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0858",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.95-1jpp.3.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-17T00:00:00Z",
    "advisory" : "RHSA-2015:0854",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0857",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0858",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.95-1jpp.3.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-14T00:00:00Z",
    "advisory" : "RHSA-2015:0807",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.79-2.5.5.2.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0808",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-05-13T00:00:00Z",
    "advisory" : "RHSA-2015:1006",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-05-13T00:00:00Z",
    "advisory" : "RHSA-2015:1007",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1021",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0806",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0808",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0809",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.45-28.b13.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0806",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.ael7b_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0808",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0809",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.45-30.b13.ael7b_1"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2015-06-11T00:00:00Z",
    "advisory" : "RHSA-2015:1091",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2015-06-11T00:00:00Z",
    "advisory" : "RHSA-2015:1091",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-05-13T00:00:00Z",
    "advisory" : "RHSA-2015:1006",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1020",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1021",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 7",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1020",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.ael7b_1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0480\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0480\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" ],
  "name" : "CVE-2015-0480",
  "csaw" : false
}