{
  "threat_severity" : "Moderate",
  "public_date" : "2015-07-14T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)",
    "id" : "1242379",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1242379"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.", "It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1242",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1243",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1241",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1242",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1243",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el6_6"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1241",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.51-1jpp.2.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1242",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.85-1jpp.2.el7_1"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-17T00:00:00Z",
    "advisory" : "RHSA-2015:1243",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.101-1jpp.1.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1230",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-07-30T00:00:00Z",
    "advisory" : "RHSA-2015:1526",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1486",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-07-23T00:00:00Z",
    "advisory" : "RHSA-2015:1488",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.10-1jpp.2.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2015-08-04T00:00:00Z",
    "advisory" : "RHSA-2015:1544",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1228",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.51-0.b16.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1229",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-30T00:00:00Z",
    "advisory" : "RHSA-2015:1526",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1485",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.3.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1486",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2015-08-04T00:00:00Z",
    "advisory" : "RHSA-2015:1544",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.5.0-ibm-1:1.5.0.16.13-1jpp.3.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1228",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.51-1.b16.ael7b_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-15T00:00:00Z",
    "advisory" : "RHSA-2015:1229",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.85-2.6.1.2.ael7b_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-30T00:00:00Z",
    "advisory" : "RHSA-2015:1526",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el7_1"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2015-08-12T00:00:00Z",
    "advisory" : "RHSA-2015:1604",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2015-08-12T00:00:00Z",
    "advisory" : "RHSA-2015:1604",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.7-1jpp.1.el6_7"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHSA-2015:1485",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.10-1jpp.1.ael7b_1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-4749\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4749\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA" ],
  "name" : "CVE-2015-4749",
  "csaw" : false
}