CVE-2015-5006
low
CVSS v3
—
CVSS v2
2.1
VIR risk
2.1
Description
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21969225
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| suse | 11 | affected | |
| suse | 12 | affected | |
| rhel | 5.0 | affected | |
| rhel | 6.0 | affected | |
| rhel | 7.0 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | java_2_sdk | 5.0.0.0 through 5.0.16.13 (inclusive) | |
| ibm | java_sdk | 6.0.0.0 up to, but not including, 6.0.16.15 | 6.0.16.15 |
| redhat | satellite | 5.6 | |
| redhat | satellite | 5.7 | |
References
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-2506.html
- http://rhn.redhat.com/errata/RHSA-2015-2507.html
- http://rhn.redhat.com/errata/RHSA-2015-2508.html
- http://rhn.redhat.com/errata/RHSA-2015-2509.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316
- http://www-01.ibm.com/support/docview.wss?uid=swg21969225
- http://www.securityfocus.com/bid/77645
- http://www.securitytracker.com/id/1034214
- https://access.redhat.com/errata/RHSA-2016:1430
CWEs
CWE-200