Fluid Attacks Database

Description

It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	java-1.6.0-openjdk	<1:1.6.0.36-1.13.8.1.el5_11	1:1.6.0.36-1.13.8.1.el5_11
rpm rhel7	java-1.8.0-openjdk	<1:1.8.0.51-1.b16.el7_1	1:1.8.0.51-1.b16.el7_1
rpm rhel6	java-1.7.0-openjdk	<1:1.7.0.85-2.6.1.3.el6_6	1:1.7.0.85-2.6.1.3.el6_6
rpm rhel6	java-1.6.0-openjdk	<1:1.6.0.36-1.13.8.1.el6_7	1:1.6.0.36-1.13.8.1.el6_7
rpm rhel7	java-1.6.0-openjdk	<1:1.6.0.36-1.13.8.1.el7_1	1:1.6.0.36-1.13.8.1.el7_1
rpm rhel6	java-1.8.0-openjdk	<1:1.8.0.51-0.b16.el6_6	1:1.8.0.51-0.b16.el6_6
rpm rhel5	java-1.7.0-openjdk	<1:1.7.0.85-2.6.1.3.el5_11	1:1.7.0.85-2.6.1.3.el5_11
rpm rhel7	java-1.7.0-openjdk	<1:1.7.0.85-2.6.1.2.el7_1	1:1.7.0.85-2.6.1.2.el7_1

Aliases

1. CVE-2015-47492. NVD-2015-47493. OSV-2015-4749