A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address.
Find out more about CVE-2015-2625 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 2.6 |
---|---|
Base Metrics | AV:N/AC:H/Au:N/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) | RHSA-2015:1241 | 2015-07-17 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2015:1485 | 2015-07-22 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2015:1243 | 2015-07-17 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2015:1242 | 2015-07-17 |
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2015:1486 | 2015-07-22 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2015:1242 | 2015-07-17 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2015:1243 | 2015-07-17 |
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) | RHSA-2015:1488 | 2015-07-23 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) | RHSA-2015:1241 | 2015-07-17 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2015:1228 | 2015-07-15 |
Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) | RHSA-2015:1526 | 2015-07-30 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2015:1486 | 2015-07-22 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2015:1485 | 2015-07-22 |
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) | RHSA-2015:1526 | 2015-07-30 |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2015:1229 | 2015-07-15 |
Red Hat Satellite 5.6 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2015:1604 | 2015-08-12 |
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) | RHSA-2015:1230 | 2015-07-15 |
Red Hat Enterprise Linux 7 (java-1.6.0-openjdk) | RHSA-2015:1526 | 2015-07-30 |
Red Hat Satellite 5.7 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2015:1604 | 2015-08-12 |
Red Hat Satellite 5.6 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2015:1604 | 2015-08-12 |
Oracle Java for Red Hat Enterprise Linux 5 (java-1.7.0-oracle) | RHSA-2015:1242 | 2015-07-17 |
Oracle Java for Red Hat Enterprise Linux 5 (java-1.6.0-sun) | RHSA-2015:1243 | 2015-07-17 |
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) | RHSA-2015:1228 | 2015-07-15 |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2015:1229 | 2015-07-15 |