{ "threat_severity" : "Moderate", "public_date" : "2015-07-14T00:00:00Z", "bugzilla" : { "description" : "OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)", "id" : "1242281", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1242281" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status" : "verified" }, "cwe" : "CWE-299", "details" : [ "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.", "A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid." ], "affected_release" : [ { "product_name" : "Oracle Java for Red Hat Enterprise Linux 5", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1242", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5", "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 5", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1243", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5", "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1241", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1242", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1243", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1241", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1242", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2015-07-17T00:00:00Z", "advisory" : "RHSA-2015:1243", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2015-07-15T00:00:00Z", "advisory" : "RHSA-2015:1230", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2015-07-30T00:00:00Z", "advisory" : "RHSA-2015:1526", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2015-07-22T00:00:00Z", "advisory" : "RHSA-2015:1486", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2015-07-23T00:00:00Z", "advisory" : "RHSA-2015:1488", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.7.0-ibm-1:1.7.0.9.10-1jpp.2.el5" }, { "product_name" : "Red Hat Enterprise Linux 5 Supplementary", "release_date" : "2015-08-04T00:00:00Z", "advisory" : "RHSA-2015:1544", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el5" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-07-15T00:00:00Z", "advisory" : "RHSA-2015:1228", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-07-15T00:00:00Z", "advisory" : "RHSA-2015:1229", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-07-30T00:00:00Z", "advisory" : "RHSA-2015:1526", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7" }, { "product_name" : "Red Hat Enterprise Linux 6 Supplementary", "release_date" : "2015-07-22T00:00:00Z", "advisory" : "RHSA-2015:1485", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.3.el6_7" }, { "product_name" : "Red Hat Enterprise Linux 6 Supplementary", "release_date" : "2015-07-22T00:00:00Z", "advisory" : "RHSA-2015:1486", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7" }, { "product_name" : "Red Hat Enterprise Linux 6 Supplementary", "release_date" : "2015-08-04T00:00:00Z", "advisory" : "RHSA-2015:1544", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el6_7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-07-15T00:00:00Z", "advisory" : "RHSA-2015:1228", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.8.0-openjdk-1:1.8.0.51-1.b16.ael7b_1" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-07-15T00:00:00Z", "advisory" : "RHSA-2015:1229", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.ael7b_1" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-07-30T00:00:00Z", "advisory" : "RHSA-2015:1526", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1" }, { "product_name" : "Red Hat Satellite 5.6", "release_date" : "2015-08-12T00:00:00Z", "advisory" : "RHSA-2015:1604", "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5", "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5" }, { "product_name" : "Red Hat Satellite 5.7", "release_date" : "2015-08-12T00:00:00Z", "advisory" : "RHSA-2015:1604", "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6", "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 7", "release_date" : "2015-07-22T00:00:00Z", "advisory" : "RHSA-2015:1485", "cpe" : "cpe:/a:redhat:rhel_extras:7", "package" : "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.1.ael7b_1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-4748\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4748\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA" ], "name" : "CVE-2015-4748", "csaw" : false }