Описание
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | java-1.8.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 7 | java-1.8.0-oracle | Not affected | ||
| Oracle Java for Red Hat Enterprise Linux 5 | java-1.7.0-oracle | Fixed | RHSA-2015:0079 | 22.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 5 | java-1.6.0-sun | Fixed | RHSA-2015:0086 | 26.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 6 | java-1.7.0-oracle | Fixed | RHSA-2015:0079 | 22.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 6 | java-1.8.0-oracle | Fixed | RHSA-2015:0080 | 22.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 6 | java-1.6.0-sun | Fixed | RHSA-2015:0086 | 26.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 7 | java-1.7.0-oracle | Fixed | RHSA-2015:0079 | 22.01.2015 |
| Oracle Java for Red Hat Enterprise Linux 7 | java-1.6.0-sun | Fixed | RHSA-2015:0086 | 26.01.2015 |
| Red Hat Enterprise Linux 5 | java-1.7.0-openjdk | Fixed | RHSA-2015:0068 | 20.01.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit co ...
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
ELSA-2015-0085: java-1.6.0-openjdk security update (IMPORTANT)
EPSS
5 Medium
CVSS2