CVE-2015-0477: Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.

CVE-2015-0477 [MEDIUM] GHSA-gjp3-335p-r7fw: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.

CVE-2015-0460 [CRITICAL] openjdk-7 vulnerabilities openjdk-7 vulnerabilities Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An

CVE-2015-0477 [MEDIUM] CVE-2015-0477: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.

CVE-2015-0460 [CRITICAL] OpenJDK 6 vulnerabilities Title: OpenJDK 6 vulnerabilities Summary: Several security issues were fixed in OpenJDK 6. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerabilit

CVE-2015-0460 [CRITICAL] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerabilit

CVE-2015-0477 [MEDIUM] OpenJDK: incorrect permissions check in resource loading (Beans, 8068320) OpenJDK: incorrect permissions check in resource loading (Beans, 8068320) Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.

CVE-2015-0477 [MEDIUM] CVE-2015-0477: openjdk-8 - Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows ... Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. Scope: local sid: resolved (fixed in 8u45-b14-1)

CVE-2015-0477 [MEDIUM] CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320) CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320) It was discovered that the Beans component in OpenJDK incorrectly given permissions to code when loading resources. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions and request resources which should not be accessible. Discussion: Public now via Oracle Critical Patch Update - April 2015. Fixed in Oracle Java SE 6u95, 7u79, and 8u45. External References: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA --- This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:0807 https://rhn.redhat.com/errata/RHSA-2015-0807.html --- This issue has been addressed in the follo