Amazon Linux AMI: Security patch for java-1.6.0-openjdk (ALAS-2015-480) (multiple CVEs)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | January 21, 2015 | February 17, 2015 | March 21, 2018 |
Available Exploits 
Description
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
- AMAZON-ALAS-2015-480
- APPLE-APPLE-SA-2014-10-16-1
- APPLE-APPLE-SA-2014-10-16-3
- APPLE-APPLE-SA-2014-10-16-4
- APPLE-APPLE-SA-2014-10-20-1
- APPLE-APPLE-SA-2014-10-20-2
- APPLE-APPLE-SA-2015-01-27-4
- APPLE-APPLE-SA-2015-09-16-2
- BID-70574
- BID-72155
- BID-72168
- BID-72169
- BID-72173
- BID-72175
- CERT-TA14-290A
- CERT-VN-577193
- CVE-2014-3566
- CVE-2014-6585
- CVE-2014-6587
- CVE-2014-6591
- CVE-2014-6593
- CVE-2014-6601
- CVE-2015-0383
- CVE-2015-0395
- CVE-2015-0407
- CVE-2015-0408
- CVE-2015-0410
- CVE-2015-0412
- DEBIAN-DSA-3053
- DEBIAN-DSA-3144
- DEBIAN-DSA-3147
- DEBIAN-DSA-3253
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0058513
- DISA_VMSKEY-V0058515
- DISA_VMSKEY-V0058517
- DISA_VMSKEY-V0061081
- IAVM-2015-A-0154
- IAVM-2015-B-0012
- IAVM-2015-B-0013
- IAVM-2015-B-0014
- NETBSD-NetBSD-SA2014-015
- REDHAT-RHSA-2014:1652
- REDHAT-RHSA-2014:1653
- REDHAT-RHSA-2014:1692
- REDHAT-RHSA-2014:1876
- REDHAT-RHSA-2014:1877
- REDHAT-RHSA-2014:1880
- REDHAT-RHSA-2014:1881
- REDHAT-RHSA-2014:1882
- REDHAT-RHSA-2014:1920
- REDHAT-RHSA-2014:1948
- REDHAT-RHSA-2015:0068
- REDHAT-RHSA-2015:0079
- REDHAT-RHSA-2015:0080
- REDHAT-RHSA-2015:0085
- REDHAT-RHSA-2015:0086
- REDHAT-RHSA-2015:0136
- REDHAT-RHSA-2015:0264
- REDHAT-RHSA-2015:0698
- REDHAT-RHSA-2015:1545
- REDHAT-RHSA-2015:1546
- XF-100140
- XF-100142
- XF-100143
- XF-100148
- XF-100150
- XF-100151
Solution Reference
Java Security UpdateSolution
amazon-linux-upgrade-java-1-6-0-openjdkRelated Vulnerabilities
- Gentoo Linux: CVE-2015-0412: IcedTea: Multiple vulnerabilities
- Palo Alto Networks PAN-SA-2014-0005 (CVE-2014-3566): SSL 3.0 MITM Attack
- HP-UX: CVE-2015-0408: JRE and JDK Vulnerability on HPUX
- SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
- OS X security update 2015-001 for AFP Server (CVE-2014-3566)
- Oracle Solaris 11: CVE-2014-3566: Vulnerability in Multiple Components
- Juniper Junos OS: 2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL "POODLE" vulnerability (JSA10656) (CVE-2014-3566)
- IBM WebSphere Application Server: CVE-2014-3566: IBM Potential Security Vulnerabilities fixed in IBM WebSphere Application Server
- OS X update for OpenSSL (CVE-2014-3566)
- Cent OS: CVE-2014-6587: CESA-2015:0085 (java-1.6.0-openjdk)
- HP-UX: CVE-2014-6593: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
- RHSA-2015:0067: java-1.7.0-openjdk security update
- Amazon Linux AMI: Security patch for nss (ALAS-2014-429) (CVE-2014-3566)
- Java CPU January 2015 Java SE RMI vulnerability (CVE-2015-0408)
- SUSE: CVE-2014-6585: SUSE Linux Security Advisory
- HP-UX: CVE-2014-3566: Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
- ELSA-2014-1653 Moderate: Oracle Linux openssl security update
- Cisco IOS: CVE-2014-3566: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
- IBM AIX: java_feb2015_advisory (CVE-2014-6587): Vulnerability in IBM Java SDK affects AIX
- Gentoo Linux: CVE-2014-6591: IcedTea: Multiple vulnerabilities
- HP-UX: CVE-2015-0383: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
- Java CPU January 2015 Java SE, Java SE Embedded, JRockit Security vulnerability (CVE-2015-0410)
- ELSA-2015-0067 Critical: Oracle Linux java-1.7.0-openjdk security update
- Gentoo Linux: CVE-2014-6585: IcedTea: Multiple vulnerabilities
- IBM HTTP Server: CVE-2014-3566: IBM HTTP Server should disable weak SSL protocols and ciphers by default
- Gentoo Linux: CVE-2015-0383: IcedTea: Multiple vulnerabilities
- Gentoo Linux: CVE-2015-0395: IcedTea: Multiple vulnerabilities
- USN-2486-1: OpenJDK 6 vulnerabilities
- IBM AIX: java_feb2015_advisory (CVE-2014-6591): Vulnerability in IBM Java SDK affects AIX
- Cent OS: CVE-2015-0383: CESA-2015:0085 (java-1.6.0-openjdk)
- OpenSSL SSL 3.0 Fallback protection (CVE-2014-3566)
- Gentoo Linux: CVE-2014-6587: IcedTea: Multiple vulnerabilities
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Java CPU January 2015 Java SE Hotspot vulnerability (CVE-2014-6601)
- IBM WebSphere Application Server: CVE-2014-6593: IBM Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU
- RHSA-2014:1882: java-1.7.0-ibm security update
- SUSE: CVE-2015-0383: SUSE Linux Security Advisory
- RHSA-2015:0080: java-1.8.0-oracle security update
- ELSA-2015-0069 Important: Oracle Linux java-1.8.0-openjdk security update
- DSA-3147-1 openjdk-6 -- security update
- HP-UX: CVE-2014-6601: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
- Oracle Solaris 11: CVE-2014-6591: Vulnerability in Localization (L10N)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
- HP Systems Insight Manager - HPSBMU03261 (CVE-2014-3566): OpenSSL on Linux and Windows, Remote Disclosure of Information
- Debian: CVE-2014-3566: lighttpd -- security update
- RHSA-2014:1881: java-1.5.0-ibm security update
- F5 Networks: K15702 (CVE-2014-3566): SSLv3 vulnerability CVE-2014-3566
- Sun Patch: Indexing and Search Service 1u5-29.15600: core patch
- Amazon Linux AMI: Security patch for java-1.8.0-openjdk (ALAS-2015-571) (multiple CVEs)
- IBM AIX: java_feb2015_advisory (CVE-2015-0407): Vulnerability in IBM Java SDK affects AIX
- Java CPU January 2015 Java SE Swing vulnerability (CVE-2015-0407)
- TLS/SSL Server Supports SSLv3
- Gentoo Linux: CVE-2015-0408: IcedTea: Multiple vulnerabilities
- RHSA-2015:0086: java-1.6.0-sun security update
- Amazon Linux AMI: Security patch for java-1.8.0-openjdk (ALAS-2015-472) (multiple CVEs)
- Sun Patch: SunOS 5.10: wanboot patch
- Gentoo Linux: CVE-2015-0407: IcedTea: Multiple vulnerabilities
- IBM AIX: java_feb2015_advisory (CVE-2014-6585): Vulnerability in IBM Java SDK affects AIX
- RHSA-2015:0263: Red Hat Satellite IBM Java Runtime security update
- DSA-3323-1 icu -- security update
- ELSA-2015-0085 Important: Oracle Linux java-1.6.0-openjdk security update
- Java CPU January 2015 Java SE, Java SE Embedded, JRockit JSSE vulnerability (CVE-2014-6593)
- RHSA-2015:0079: java-1.7.0-oracle security update
- Gentoo Linux: CVE-2014-6593: IcedTea: Multiple vulnerabilities
- HP-UX: CVE-2015-0410: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
- Cent OS: CVE-2014-3566: CESA-2015:0085 (java-1.6.0-openjdk)
- FreeBSD: davmail -- fix potential CVE-2014-3566 vulnerability (POODLE) (CVE-2014-3566)
- RHSA-2015:1545: node.js security update
- DSA-3144-1 openjdk-7 -- security update
- RHSA-2015:0068: java-1.7.0-openjdk security update
- IBM WebSphere Application Server: CVE-2015-0410: IBM Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU
- SUSE: CVE-2014-6593: SUSE Linux Security Advisory
- Sun Patch: SunOS 5.10_x86: openssl patch
- USN-2522-3: ICU vulnerabilities
- HP-UX: CVE-2015-0412: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
- ELSA-2015-0068 Important: Oracle Linux java-1.7.0-openjdk security update
- Gentoo Linux: CVE-2014-6601: IcedTea: Multiple vulnerabilities
- HP System Management Homepage - HPSBMU03260 (CVE-2014-3566): OpenSSL on Linux and Windows, Remote Disclosure of Information
- Java CPU January 2015 Java SE JAX-WS vulnerability (CVE-2015-0412)
- Cisco NX-OS: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (Multiple CVEs)
- RHSA-2015:0085: java-1.6.0-openjdk security update
- IBM AIX: java_feb2015_advisory (CVE-2015-0410): Vulnerability in IBM Java SDK affects AIX
- Java CPU January 2015 Java SE Libraries vulnerability (CVE-2014-6587)
- FreeBSD: (Multiple Advisories) (CVE-2014-3566): lynx -- multiple vulnerabilities
- Cent OS: CVE-2014-6585: CESA-2015:0085 (java-1.6.0-openjdk)
- ELSA-2014-1652 Important: Oracle Linux openssl security update
- Sun Patch: VM Server for SPARC 3.1: ldmd patch
- Cisco SAN-OS: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (CVE-2014-3566)
- HP-UX: CVE-2015-0407: JRE and JDK Vulnerability on HPUX
- IBM AIX: java_feb2015_advisory, java_oct2014_advisory, nettcp_advisory, openssl_advisory11 (CVE-2014-3566): Vulnerability in IBM Java SDK affects AIX
- RHSA-2014:1877: java-1.6.0-ibm security update
- RHSA-2014:1880: java-1.7.1-ibm security update
- SUSE: CVE-2014-6587: SUSE Linux Security Advisory
- Gentoo Linux: CVE-2015-0410: Oracle JRE/JDK: Multiple vulnerabilities
- Gentoo Linux: CVE-2014-3566: Asterisk: Multiple Vulnerabilities
- Jenkins Advisory 2014-10-15: CVE-2014-3566: Poodle vulnerability
- HP-UX: CVE-2015-0395: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
- USN-2522-1: ICU vulnerabilities
- Java CPU January 2015 Java SE, Java SE Embedded, JRockit JSSE vulnerability (CVE-2014-3566)
- Java CPU January 2015 Java SE 2D vulnerability (CVE-2014-6585)