CVE-2015-5006

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
ibmjava_2_sdk
5.0.0.0 ≤
𝑥
≤ 5.0.16.13
ibmjava_sdk
6.0.0.0 ≤
𝑥
< 6.0.16.15
ibmjava_sdk
6.1.0.0. ≤
𝑥
< 6.1.8.15
ibmjava_sdk
7.0.0.0 ≤
𝑥
< 7.0.9.20
ibmjava_sdk
7.1.0.0 ≤
𝑥
< 7.1.3.20
ibmjava_sdk
8.0.0.0 ≤
𝑥
< 8.0.2.0
redhatsatellite
5.6
redhatsatellite
5.7
redhatenterprise_linux_desktop
5.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
5.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_eus
6.7
redhatenterprise_linux_server_eus
7.2
redhatenterprise_linux_server_eus
7.3
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_workstation
5.0
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
java-1.6.0-ibm
RHEL 6
1:1.6.0.16.15-1jpp.1.el6_7
fixed
java-1.6.0-ibm-demo
RHEL 6
1:1.6.0.16.15-1jpp.1.el6_7
fixed
java-1.6.0-ibm-devel
RHEL 6
1:1.6.0.16.15-1jpp.1.el6_7
fixed
java-1.6.0-ibm-javacomm
RHEL 6
1:1.6.0.16.15-1jpp.1.el6_7
fixed
java-1.6.0-ibm-jdbc
RHEL 6
1:1.6.0.16.15-1jpp.1.el6_7
fixed
java-1.6.0-ibm-plugin
RHEL 6
1:1.6.0.16.15-1jpp.1.el6_7
fixed
java-1.6.0-ibm-src
RHEL 6
1:1.6.0.16.15-1jpp.1.el6_7
fixed
java-1.7.1-ibm
RHEL 6
1:1.7.1.3.20-1jpp.1.el6_7
fixed
RHEL 7
1:1.7.1.3.20-1jpp.1.el7
fixed
java-1.7.1-ibm-demo
RHEL 6
1:1.7.1.3.20-1jpp.1.el6_7
fixed
RHEL 7
1:1.7.1.3.20-1jpp.1.el7
fixed
java-1.7.1-ibm-devel
RHEL 6
1:1.7.1.3.20-1jpp.1.el6_7
fixed
RHEL 7
1:1.7.1.3.20-1jpp.1.el7
fixed
java-1.7.1-ibm-jdbc
RHEL 6
1:1.7.1.3.20-1jpp.1.el6_7
fixed
RHEL 7
1:1.7.1.3.20-1jpp.1.el7
fixed
java-1.7.1-ibm-plugin
RHEL 6
1:1.7.1.3.20-1jpp.1.el6_7
fixed
RHEL 7
1:1.7.1.3.20-1jpp.1.el7
fixed
java-1.7.1-ibm-src
RHEL 6
1:1.7.1.3.20-1jpp.1.el6_7
fixed
RHEL 7
1:1.7.1.3.20-1jpp.1.el7
fixed
java-1.8.0-ibm
RHEL 7
1:1.8.0.2.0-1jpp.1.el7
fixed
java-1.8.0-ibm-demo
RHEL 7
1:1.8.0.2.0-1jpp.1.el7
fixed
java-1.8.0-ibm-devel
RHEL 7
1:1.8.0.2.0-1jpp.1.el7
fixed
java-1.8.0-ibm-jdbc
RHEL 7
1:1.8.0.2.0-1jpp.1.el7
fixed
java-1.8.0-ibm-plugin
RHEL 7
1:1.8.0.2.0-1jpp.1.el7
fixed
java-1.8.0-ibm-src
RHEL 7
1:1.8.0.2.0-1jpp.1.el7
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
http://rhn.redhat.com/errata/RHSA-2015-2506.html
http://rhn.redhat.com/errata/RHSA-2015-2507.html
http://rhn.redhat.com/errata/RHSA-2015-2508.html
http://rhn.redhat.com/errata/RHSA-2015-2509.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316
http://www-01.ibm.com/support/docview.wss?uid=swg21969225
http://www.securityfocus.com/bid/77645
http://www.securitytracker.com/id/1034214
https://access.redhat.com/errata/RHSA-2016:1430
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
http://rhn.redhat.com/errata/RHSA-2015-2506.html
http://rhn.redhat.com/errata/RHSA-2015-2507.html
http://rhn.redhat.com/errata/RHSA-2015-2508.html
http://rhn.redhat.com/errata/RHSA-2015-2509.html
http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316
http://www-01.ibm.com/support/docview.wss?uid=swg21969225
http://www.securityfocus.com/bid/77645
http://www.securitytracker.com/id/1034214
https://access.redhat.com/errata/RHSA-2016:1430