JDK: local disclosure of kerberos credentials cache

🗓️ 18 Jul 2016 13:51:35Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

JDK local disclosure of Kerberos credentials cache by nearby attackers via reading the cache.

Reporter	Title	Published	Views	Family All 108
IBM Security Bulletins	Security Bulletin:Multiple Security Vulnerabilities exist in IBM Cognos Insight	24 Feb 202007:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection	16 Jun 201821:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803, CVE-2015-4734, CVE-2015-5006)	17 Jun 201815:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator	17 Jun 201822:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium	16 Jun 201821:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-7575, CVE-2016-0483, etc.)	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time	15 Jun 201807:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2015-4872, CVE-2015-4893, CVE-2015-4803, CVE-2015-5006, CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466)	17 Jun 201805:07	–	ibm
IBM Security Bulletins	Security Bulletin: CICS Transaction Gateway for Multiplatforms	15 Jun 201807:04	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	s390x	java-1.7.0-ibm	1:1.7.0.9.40-1jpp.1.el5	java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.7.0-ibm	1:1.7.0.9.40-1jpp.1.el5	java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux	5	s390x	java-1.7.0-ibm-devel	1:1.7.0.9.40-1jpp.1.el5	java-1.7.0-ibm-devel-1:1.7.0.9.40-1jpp.1.el5.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.7.0-ibm-devel	1:1.7.0.9.40-1jpp.1.el5	java-1.7.0-ibm-devel-1:1.7.0.9.40-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux	6	s390x	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el6_7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el6_7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux	6	s390x	java-1.7.1-ibm-devel	1:1.7.1.3.40-1jpp.1.el6_7	java-1.7.1-ibm-devel-1:1.7.1.3.40-1jpp.1.el6_7.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.7.1-ibm-devel	1:1.7.1.3.40-1jpp.1.el6_7	java-1.7.1-ibm-devel-1:1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux	5	any	spacewalk-java	0:2.0.2-109.el5sat.noarch	spacewalk-java-0:2.0.2-109.el5sat.noarch.noarch.rpm
Red Hat Enterprise Linux	6	any	spacewalk-java	0:2.0.2-109.el6sat.noarch	spacewalk-java-0:2.0.2-109.el6sat.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2015-5006
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2015-5006
cve	www.cve.org/CVERecord

14 May 2026 22:23Current

7.3High risk

Vulners AI Score7.3

CVSS 22.1

EPSS0.00074

kerberos credentials cache ibm java security ibm sdk java affected versions proximate attackers kerberos cache read unix environment