Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack.
Find out more about CVE-2015-0383 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 3.3 |
---|---|
Base Metrics | AV:L/AC:M/Au:N/C:N/I:P/A:P |
Access Vector | Local |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) | RHSA-2015:0085 | 2015-01-26 |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2015:0067 | 2015-01-21 |
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) | RHSA-2015:0068 | 2015-01-20 |
Oracle Java for Red Hat Enterprise Linux 5 (java-1.6.0-sun) | RHSA-2015:0086 | 2015-01-26 |
Oracle Java for Red Hat Enterprise Linux 5 (java-1.7.0-oracle) | RHSA-2015:0079 | 2015-01-22 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2015:0079 | 2015-01-22 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) | RHSA-2015:0080 | 2015-01-22 |
Red Hat Enterprise Linux 7 (java-1.6.0-openjdk) | RHSA-2015:0085 | 2015-01-26 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2015:0069 | 2015-01-21 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2015:0086 | 2015-01-26 |
Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) | RHSA-2015:0085 | 2015-01-26 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2015:0079 | 2015-01-22 |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2015:0067 | 2015-01-21 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2015:0086 | 2015-01-26 |