Fluid Attacks Database

Description

A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	java-1.6.0-openjdk	<1:1.6.0.36-1.13.8.1.el6_7	1:1.6.0.36-1.13.8.1.el6_7
rpm rhel6	java-1.7.0-openjdk	<1:1.7.0.85-2.6.1.3.el6_6	1:1.7.0.85-2.6.1.3.el6_6
rpm rhel7	java-1.6.0-openjdk	<1:1.6.0.36-1.13.8.1.el7_1	1:1.6.0.36-1.13.8.1.el7_1
rpm rhel5	java-1.7.0-openjdk	<1:1.7.0.85-2.6.1.3.el5_11	1:1.7.0.85-2.6.1.3.el5_11
rpm rhel7	java-1.8.0-openjdk	<1:1.8.0.51-1.b16.el7_1	1:1.8.0.51-1.b16.el7_1
rpm rhel5	java-1.6.0-openjdk	<1:1.6.0.36-1.13.8.1.el5_11	1:1.6.0.36-1.13.8.1.el5_11
rpm rhel7	java-1.7.0-openjdk	<1:1.7.0.85-2.6.1.2.el7_1	1:1.7.0.85-2.6.1.2.el7_1
rpm rhel6	java-1.8.0-openjdk	<1:1.8.0.51-0.b16.el6_6	1:1.8.0.51-0.b16.el6_6

Aliases

1. CVE-2015-47482. NVD-2015-47483. OSV-2015-4748