{
  "threat_severity" : "Moderate",
  "public_date" : "2015-04-14T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)",
    "id" : "1211543",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211543"
  },
  "cvss" : {
    "cvss_base_score" : "5.0",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-248",
  "details" : [ "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.", "A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0857",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0858",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.95-1jpp.3.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-17T00:00:00Z",
    "advisory" : "RHSA-2015:0854",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0857",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0858",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.95-1jpp.3.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-17T00:00:00Z",
    "advisory" : "RHSA-2015:0854",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0857",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-20T00:00:00Z",
    "advisory" : "RHSA-2015:0858",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.95-1jpp.3.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-14T00:00:00Z",
    "advisory" : "RHSA-2015:0807",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.79-2.5.5.2.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0808",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-05-13T00:00:00Z",
    "advisory" : "RHSA-2015:1006",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-05-13T00:00:00Z",
    "advisory" : "RHSA-2015:1007",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1021",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0806",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0808",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0809",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.45-28.b13.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0806",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.ael7b_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0808",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-04-15T00:00:00Z",
    "advisory" : "RHSA-2015:0809",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.45-30.b13.ael7b_1"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2015-06-11T00:00:00Z",
    "advisory" : "RHSA-2015:1091",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2015-06-11T00:00:00Z",
    "advisory" : "RHSA-2015:1091",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-05-13T00:00:00Z",
    "advisory" : "RHSA-2015:1006",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1020",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1021",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 7",
    "release_date" : "2015-05-20T00:00:00Z",
    "advisory" : "RHSA-2015:1020",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.ael7b_1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0488\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0488\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" ],
  "name" : "CVE-2015-0488",
  "csaw" : false
}