OpenJDK: kerberos realm name leak (JGSS, 8048030)

🗓️ 21 Oct 2015 20:57:50Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 2 Views

OpenJDK Kerberos realm name leak via JGSS; affects Java SE versions 6u101, 7u85, 8u60 and Embedded 8u51.

Reporter	Title	Published	Views	Family All 263
IBM Security Bulletins	Security Bulletin:Multiple Security Vulnerabilities exist in IBM Cognos Insight	24 Feb 202007:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection	16 Jun 201821:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803, CVE-2015-4734, CVE-2015-5006)	17 Jun 201815:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator	17 Jun 201822:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium	16 Jun 201821:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time	15 Jun 201807:03	–	ibm
IBM Security Bulletins	Security Bulletin: CICS Transaction Gateway for Multiplatforms	15 Jun 201807:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.	18 Dec 201914:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in WebSphere Application Server shipped with IBM Tivoli Service Automation Manager (CVE-2015-4872, CVE-2015-4734 and CVE-2015-5006)	17 Jun 201822:32	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with WebSphere Process Server (CVE-2015-7450, CVE-2015-2017, CVE-2015-4872, CVE-2015-4734, CVE-2015-5006)	15 Sep 202218:47	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	ppc64le	java-1.7.0-openjdk	1:1.7.0.91-2.6.2.1.ael7b_1	java-1.7.0-openjdk-1:1.7.0.91-2.6.2.1.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux	7	ppc64	java-1.7.0-openjdk	1:1.7.0.91-2.6.2.1.el7_1	java-1.7.0-openjdk-1:1.7.0.91-2.6.2.1.el7_1.ppc64.rpm
Red Hat Enterprise Linux	7	s390x	java-1.7.0-openjdk	1:1.7.0.91-2.6.2.1.el7_1	java-1.7.0-openjdk-1:1.7.0.91-2.6.2.1.el7_1.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.7.0-openjdk	1:1.7.0.91-2.6.2.1.el7_1	java-1.7.0-openjdk-1:1.7.0.91-2.6.2.1.el7_1.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.7.0-openjdk	1:1.7.0.91-2.6.2.2.el6_7	java-1.7.0-openjdk-1:1.7.0.91-2.6.2.2.el6_7.x86_64.rpm
Red Hat Enterprise Linux	6	any	java-1.7.0-openjdk	1:1.7.0.91-2.6.2.2.el6_7.i686	java-1.7.0-openjdk-1:1.7.0.91-2.6.2.2.el6_7.i686.noarch.rpm
Red Hat Enterprise Linux	7	ppc64le	java-1.7.0-openjdk-accessibility	1:1.7.0.91-2.6.2.1.ael7b_1	java-1.7.0-openjdk-accessibility-1:1.7.0.91-2.6.2.1.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux	7	ppc64	java-1.7.0-openjdk-accessibility	1:1.7.0.91-2.6.2.1.el7_1	java-1.7.0-openjdk-accessibility-1:1.7.0.91-2.6.2.1.el7_1.ppc64.rpm
Red Hat Enterprise Linux	7	s390x	java-1.7.0-openjdk-accessibility	1:1.7.0.91-2.6.2.1.el7_1	java-1.7.0-openjdk-accessibility-1:1.7.0.91-2.6.2.1.el7_1.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.7.0-openjdk-accessibility	1:1.7.0.91-2.6.2.1.el7_1	java-1.7.0-openjdk-accessibility-1:1.7.0.91-2.6.2.1.el7_1.x86_64.rpm

Source	Link
oracle	www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
access	www.access.redhat.com/security/cve/CVE-2015-4734
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2015-4734
cve	www.cve.org/CVERecord

27 Jun 2026 18:15Current

7.3High risk

Vulners AI Score7.3

CVSS 25

EPSS0.04695

kerberos realm leak jgss vector java se 6u101 java se 7u85 java se 8u60 embedded 8u51