{
  "threat_severity" : "Low",
  "public_date" : "2014-11-02T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)",
    "id" : "1241965",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1241965"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-295",
  "details" : [ "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.", "A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1242",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1243",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1241",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1242",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1243",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1241",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1242",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1243",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1230",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-30T00:00:00Z",
    "advisory" : "RHSA-2015:1526",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1486",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-07-23T00:00:00Z",
    "advisory" : "RHSA-2015:1488",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.10-1jpp.2.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1228",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1229",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-30T00:00:00Z",
    "advisory" : "RHSA-2015:1526",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1485",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.3.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1486",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1228",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.51-1.b16.ael7b_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1229",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.ael7b_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-30T00:00:00Z",
    "advisory" : "RHSA-2015:1526",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2015-08-12T00:00:00Z",
    "advisory" : "RHSA-2015:1604",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2015-08-12T00:00:00Z",
    "advisory" : "RHSA-2015:1604",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1485",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.1.ael7b_1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-2625\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2625\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA" ],
  "name" : "CVE-2015-2625",
  "csaw" : false
}