{
  "threat_severity" : "Moderate",
  "public_date" : "2015-07-14T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)",
    "id" : "1242372",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1242372"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.", "An information leak flaw was found in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1242",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1243",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1241",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1242",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1243",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1241",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1242",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1243",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1230",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-30T00:00:00Z",
    "advisory" : "RHSA-2015:1526",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1486",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-07-23T00:00:00Z",
    "advisory" : "RHSA-2015:1488",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.10-1jpp.2.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-08-04T00:00:00Z",
    "advisory" : "RHSA-2015:1544",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1228",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1229",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-30T00:00:00Z",
    "advisory" : "RHSA-2015:1526",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1485",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.3.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1486",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2015-08-04T00:00:00Z",
    "advisory" : "RHSA-2015:1544",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1228",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.51-1.b16.ael7b_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1229",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.ael7b_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-30T00:00:00Z",
    "advisory" : "RHSA-2015:1526",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2015-08-12T00:00:00Z",
    "advisory" : "RHSA-2015:1604",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2015-08-12T00:00:00Z",
    "advisory" : "RHSA-2015:1604",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1485",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.1.ael7b_1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-2621\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2621\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA" ],
  "name" : "CVE-2015-2621",
  "csaw" : false
}