{ "threat_severity" : "Moderate", "public_date" : "2015-04-14T00:00:00Z", "bugzilla" : { "description" : "OpenJDK: incorrect handling of default methods (Hotspot, 8065366)", "id" : "1211387", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211387" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status" : "verified" }, "details" : [ "Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.", "A flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions." ], "affected_release" : [ { "product_name" : "Oracle Java for Red Hat Enterprise Linux 6", "release_date" : "2015-04-17T00:00:00Z", "advisory" : "RHSA-2015:0854", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6", "package" : "java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6" }, { "product_name" : "Oracle Java for Red Hat Enterprise Linux 7", "release_date" : "2015-04-17T00:00:00Z", "advisory" : "RHSA-2015:0854", "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7", "package" : "java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-04-15T00:00:00Z", "advisory" : "RHSA-2015:0809", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "java-1.8.0-openjdk-1:1.8.0.45-28.b13.el6_6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-04-15T00:00:00Z", "advisory" : "RHSA-2015:0809", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "java-1.8.0-openjdk-1:1.8.0.45-30.b13.ael7b_1" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "java-1.6.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "java-1.6.0-sun", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "java-1.7.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "java-1.7.0-oracle", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "java-1.6.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "java-1.6.0-sun", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "java-1.7.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "java-1.7.0-oracle", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "java-1.6.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "java-1.6.0-sun", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "java-1.7.0-openjdk", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "java-1.7.0-oracle", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0470\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0470\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA" ], "name" : "CVE-2015-0470", "csaw" : false }