Lucene search

Veracode Vulnerability DatabaseVERACODE:17079

HistoryMay 02, 2019 - 5:39 a.m.

Information Disclosure

2019-05-0205:39:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

IBM Java SE is vulnerable to information disclosure. The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the “Bar Mitzvah” issue.

CPENameOperatorVersion
java-1.6.0-ibmeq1.6.0.16.0__1jpp.1.el5
java-1.6.0-ibmeq1.6.0.10.1__1jpp.5.el6_2
java-1.6.0-ibmeq1.6.0.8.1__1jpp.2.el5
java-1.6.0-ibmeq1.6.0.9.1__1jpp.1.el5
java-1.6.0-ibmeq1.6.0.15.0__1jpp.1.el6
java-1.6.0-ibmeq1.6.0.16.2__1jpp.1.el6
java-1.6.0-ibmeq1.6.0.16.3__1jpp.1.el5
java-1.6.0-ibmeq1.6.0.9.1__1jpp.1.el6
java-1.6.0-ibmeq1.6.0.14.0__1jpp.1.el5_9
java-1.6.0-ibmeq1.6.0.10.1__1jpp.1.el5

Name	Operator	Version
java-1.6.0-ibm	eq	1.6.0.16.0__1jpp.1.el5
java-1.6.0-ibm	eq	1.6.0.10.1__1jpp.5.el6_2
java-1.6.0-ibm	eq	1.6.0.8.1__1jpp.2.el5
java-1.6.0-ibm	eq	1.6.0.9.1__1jpp.1.el5
java-1.6.0-ibm	eq	1.6.0.15.0__1jpp.1.el6
java-1.6.0-ibm	eq	1.6.0.16.2__1jpp.1.el6
java-1.6.0-ibm	eq	1.6.0.16.3__1jpp.1.el5
java-1.6.0-ibm	eq	1.6.0.9.1__1jpp.1.el6
java-1.6.0-ibm	eq	1.6.0.14.0__1jpp.1.el5_9
java-1.6.0-ibm	eq	1.6.0.10.1__1jpp.1.el5

Rows per page:

1-10 of 1251

References

h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

marc.info/?l=bugtraq&m=143456209711959&w=2

marc.info/?l=bugtraq&m=143629696317098&w=2

marc.info/?l=bugtraq&m=143741441012338&w=2

marc.info/?l=bugtraq&m=143817021313142&w=2

marc.info/?l=bugtraq&m=143817899717054&w=2

marc.info/?l=bugtraq&m=143818140118771&w=2

marc.info/?l=bugtraq&m=144043644216842&w=2

marc.info/?l=bugtraq&m=144059660127919&w=2

marc.info/?l=bugtraq&m=144059703728085&w=2

marc.info/?l=bugtraq&m=144060576831314&w=2

marc.info/?l=bugtraq&m=144060606031437&w=2

marc.info/?l=bugtraq&m=144069189622016&w=2

marc.info/?l=bugtraq&m=144102017024820&w=2

marc.info/?l=bugtraq&m=144104533800819&w=2

marc.info/?l=bugtraq&m=144104565600964&w=2

marc.info/?l=bugtraq&m=144493176821532&w=2

rhn.redhat.com/errata/RHSA-2015-1006.html

rhn.redhat.com/errata/RHSA-2015-1007.html

rhn.redhat.com/errata/RHSA-2015-1020.html

rhn.redhat.com/errata/RHSA-2015-1021.html

rhn.redhat.com/errata/RHSA-2015-1091.html

rhn.redhat.com/errata/RHSA-2015-1228.html

rhn.redhat.com/errata/RHSA-2015-1229.html

rhn.redhat.com/errata/RHSA-2015-1230.html

rhn.redhat.com/errata/RHSA-2015-1241.html

rhn.redhat.com/errata/RHSA-2015-1242.html

rhn.redhat.com/errata/RHSA-2015-1243.html

rhn.redhat.com/errata/RHSA-2015-1526.html

www-01.ibm.com/support/docview.wss?uid=swg1IV71888

www-01.ibm.com/support/docview.wss?uid=swg1IV71892

www-01.ibm.com/support/docview.wss?uid=swg21883640

www-304.ibm.com/support/docview.wss?uid=swg21903565

www-304.ibm.com/support/docview.wss?uid=swg21960015

www-304.ibm.com/support/docview.wss?uid=swg21960769

www.debian.org/security/2015/dsa-3316

www.debian.org/security/2015/dsa-3339

www.huawei.com/en/psirt/security-advisories/hw-454055

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/bid/73684

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1032599

www.securitytracker.com/id/1032600

www.securitytracker.com/id/1032707

www.securitytracker.com/id/1032708

www.securitytracker.com/id/1032734

www.securitytracker.com/id/1032788

www.securitytracker.com/id/1032858

www.securitytracker.com/id/1032868

www.securitytracker.com/id/1032910

www.securitytracker.com/id/1032990

www.securitytracker.com/id/1033071

www.securitytracker.com/id/1033072

www.securitytracker.com/id/1033386

www.securitytracker.com/id/1033415

www.securitytracker.com/id/1033431

www.securitytracker.com/id/1033432

www.securitytracker.com/id/1033737

www.securitytracker.com/id/1033769

www.securitytracker.com/id/1036222

www.ubuntu.com/usn/USN-2696-1

www.ubuntu.com/usn/USN-2706-1

www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm

access.redhat.com/security/updates/classification/#critical

bugzilla.redhat.com/show_bug.cgi?id=1207101#c4

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650

h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888

kb.juniper.net/JSA10783

kc.mcafee.com/corporate/index?page=content&id=SB10163

rhn.redhat.com/errata/RHSA-2015-1006.html

security.gentoo.org/glsa/201512-10

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709

www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf

www.ibm.com/developerworks/java/jdk/alerts/

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:17079