Vulnerability Details CVE-2015-5006
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.5%
CVSS Severity
CVSS v2 Score 2.1
References
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-2506.html
- http://rhn.redhat.com/errata/RHSA-2015-2507.html
- http://rhn.redhat.com/errata/RHSA-2015-2508.html
- http://rhn.redhat.com/errata/RHSA-2015-2509.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316
- http://www-01.ibm.com/support/docview.wss?uid=swg21969225
- http://www.securityfocus.com/bid/77645
- http://www.securitytracker.com/id/1034214
- https://access.redhat.com/errata/RHSA-2016:1430
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-2506.html
- http://rhn.redhat.com/errata/RHSA-2015-2507.html
- http://rhn.redhat.com/errata/RHSA-2015-2508.html
- http://rhn.redhat.com/errata/RHSA-2015-2509.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316
- http://www-01.ibm.com/support/docview.wss?uid=swg21969225
- http://www.securityfocus.com/bid/77645
- http://www.securitytracker.com/id/1034214
- https://access.redhat.com/errata/RHSA-2016:1430
Products affected by CVE-2015-5006
-
cpe:2.3:a:ibm:java_2_sdk:5.0.0.0
-
cpe:2.3:a:ibm:java_2_sdk:5.0.16.13
-
cpe:2.3:a:ibm:java_sdk:6.0.0.0
-
cpe:2.3:a:ibm:java_sdk:6.0.1.0
-
cpe:2.3:a:ibm:java_sdk:6.0.1.8.15
-
cpe:2.3:a:ibm:java_sdk:6.0.10.0
-
cpe:2.3:a:ibm:java_sdk:6.0.10.1
-
cpe:2.3:a:ibm:java_sdk:6.0.11.0
-
cpe:2.3:a:ibm:java_sdk:6.0.12.0
-
cpe:2.3:a:ibm:java_sdk:6.0.13.0
-
cpe:2.3:a:ibm:java_sdk:6.0.13.1
-
cpe:2.3:a:ibm:java_sdk:6.0.13.2
-
cpe:2.3:a:ibm:java_sdk:6.0.14.0
-
cpe:2.3:a:ibm:java_sdk:6.0.15.0
-
cpe:2.3:a:ibm:java_sdk:6.0.15.1
-
cpe:2.3:a:ibm:java_sdk:6.0.15.21
-
cpe:2.3:a:ibm:java_sdk:6.0.16.0
-
cpe:2.3:a:ibm:java_sdk:6.0.16.3
-
cpe:2.3:a:ibm:java_sdk:6.0.16.7
-
cpe:2.3:a:ibm:java_sdk:6.0.2.0
-
cpe:2.3:a:ibm:java_sdk:6.0.3.0
-
cpe:2.3:a:ibm:java_sdk:6.0.4.0
-
cpe:2.3:a:ibm:java_sdk:6.0.5.0
-
cpe:2.3:a:ibm:java_sdk:6.0.6.0
-
cpe:2.3:a:ibm:java_sdk:6.0.7.0
-
cpe:2.3:a:ibm:java_sdk:6.0.8.0
-
cpe:2.3:a:ibm:java_sdk:6.0.8.1
-
cpe:2.3:a:ibm:java_sdk:6.0.9.0
-
cpe:2.3:a:ibm:java_sdk:6.0.9.1
-
cpe:2.3:a:ibm:java_sdk:6.0.9.2
-
cpe:2.3:a:ibm:java_sdk:6.1.8.2
-
cpe:2.3:a:ibm:java_sdk:6.1.8.7
-
cpe:2.3:a:ibm:java_sdk:7.0.0.0
-
cpe:2.3:a:ibm:java_sdk:7.0.1.0
-
cpe:2.3:a:ibm:java_sdk:7.0.2.0
-
cpe:2.3:a:ibm:java_sdk:7.0.3.0
-
cpe:2.3:a:ibm:java_sdk:7.0.4.0
-
cpe:2.3:a:ibm:java_sdk:7.0.4.1
-
cpe:2.3:a:ibm:java_sdk:7.0.4.2
-
cpe:2.3:a:ibm:java_sdk:7.0.5.0
-
cpe:2.3:a:ibm:java_sdk:7.0.6.0
-
cpe:2.3:a:ibm:java_sdk:7.0.6.1
-
cpe:2.3:a:ibm:java_sdk:7.0.7.0
-
cpe:2.3:a:ibm:java_sdk:7.0.8.10
-
cpe:2.3:a:ibm:java_sdk:7.0.9.10
-
cpe:2.3:a:ibm:java_sdk:7.1.0.0
-
cpe:2.3:a:ibm:java_sdk:7.1.1.0
-
cpe:2.3:a:ibm:java_sdk:7.1.2.10
-
cpe:2.3:a:ibm:java_sdk:7.1.3.10
-
cpe:2.3:a:ibm:java_sdk:8.0.0.0
-
cpe:2.3:a:ibm:java_sdk:8.0.1.10
-
cpe:2.3:a:redhat:satellite:5.6
-
cpe:2.3:a:redhat:satellite:5.7
-
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server:5.0
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
-
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
-
cpe:2.3:o:suse:linux_enterprise_server:11
-
cpe:2.3:o:suse:linux_enterprise_server:12
-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11
-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12