1219265 – (CVE-2015-1916) CVE-2015-1916 IBM JDK: unspecified SSL/TLS server DoS

Bug 1219265 (CVE-2015-1916) - CVE-2015-1916 IBM JDK: unspecified SSL/TLS server DoS

Summary: CVE-2015-1916 IBM JDK: unspecified SSL/TLS server DoS

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2015-1916
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1209063
TreeView+	depends on / blocked

Reported:	2015-05-06 21:44 UTC by Tomas Hoger
Modified:	2019-09-29 13:32 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2015-05-06 21:47:22 UTC
Embargoed:

Attachments	(Terms of Use)

Description Tomas Hoger 2015-05-06 21:44:09 UTC

IBM JDK version 8 SR1 corrects an unspecified denial of service flaw in the JSSE component:

Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability.

References:

http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_2015
http://www-01.ibm.com/support/docview.wss?uid=swg21883640

Comment 1 Tomas Hoger 2015-05-06 21:47:22 UTC

According to IBM Java security alerts page, this only affected IBM Java 8, which is not currently shipped in Red Hat Enterprise Linux.  The java-1.5.0-ibm, java-1.6.0-ibm, java-1.7.0-ibm and java-1.7.1-ibm packages as shipped with Red Hat Enterprise Linux 5, 6, and 7 Supplementary were not affected by this issue.

Note You need to log in before you can comment on or make changes to this bug.