10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.112 Low
EPSS
Percentile
94.3%
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further information
about these flaws can be found on the IBM Java Security alerts page, listed
in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192,
CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478,
CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)
The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.
Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla
bug 1207101, linked to from the References section, for additional details
about this change.
All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 6 SR16-FP4 release. All running
instances of IBM Java must be restarted for the update to take effect.