Описание
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | java-1.8.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 7 | java-1.8.0-oracle | Not affected | ||
| Oracle Java for Red Hat Enterprise Linux 5 | java-1.7.0-oracle | Fixed | RHSA-2015:0079 | 22.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 5 | java-1.6.0-sun | Fixed | RHSA-2015:0086 | 26.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 6 | java-1.7.0-oracle | Fixed | RHSA-2015:0079 | 22.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 6 | java-1.8.0-oracle | Fixed | RHSA-2015:0080 | 22.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 6 | java-1.6.0-sun | Fixed | RHSA-2015:0086 | 26.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 7 | java-1.7.0-oracle | Fixed | RHSA-2015:0079 | 22.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 7 | java-1.6.0-sun | Fixed | RHSA-2015:0086 | 26.01.2015 |
| Red Hat Enterprise Linux 5 | java-1.7.0-openjdk | Fixed | RHSA-2015:0068 | 20.01.2015 |
Показывать по
Дополнительная информация
Статус:
4 Medium
CVSS2
Связанные уязвимости
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u ...
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
ELSA-2015-0085: java-1.6.0-openjdk security update (IMPORTANT)
4 Medium
CVSS2