Fluid Attacks Database

Description

A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	java-1.8.0-openjdk	<1:1.8.0.45-28.b13.el6_6	1:1.8.0.45-28.b13.el6_6
rpm rhel6	java-1.7.0-openjdk	<1:1.7.0.79-2.5.5.1.el6_6	1:1.7.0.79-2.5.5.1.el6_6
rpm rhel7	java-1.7.0-openjdk	<1:1.7.0.79-2.5.5.1.el7_1	1:1.7.0.79-2.5.5.1.el7_1
rpm rhel5	java-1.6.0-openjdk	<1:1.6.0.35-1.13.7.1.el5_11	1:1.6.0.35-1.13.7.1.el5_11
rpm rhel6	java-1.6.0-openjdk	<1:1.6.0.35-1.13.7.1.el6_6	1:1.6.0.35-1.13.7.1.el6_6
rpm rhel7	java-1.6.0-openjdk	<1:1.6.0.35-1.13.7.1.el7_1	1:1.6.0.35-1.13.7.1.el7_1
rpm rhel7	java-1.8.0-openjdk	<1:1.8.0.45-30.b13.el7_1	1:1.8.0.45-30.b13.el7_1
rpm rhel5	java-1.7.0-openjdk	<1:1.7.0.79-2.5.5.2.el5_11	1:1.7.0.79-2.5.5.2.el5_11

Aliases

1. CVE-2015-04882. NVD-2015-04883. OSV-2015-0488