CVE-2015-3149 — MEDIUM (5.5)

Vulnerability Description

The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Hpc Node	6.0
Redhat	Enterprise Linux Hpc Node Eus	7.1
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	6.6
Redhat	Enterprise Linux Server Eus	6.6z
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-59

References

http://rhn.redhat.com/errata/RHSA-2015-1228.htmlVendor Advisory
http://www.securityfocus.com/bid/75933Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1213365Issue TrackingVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1228.htmlVendor Advisory
http://www.securityfocus.com/bid/75933Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1213365Issue TrackingVendor Advisory

FAQ

What is CVE-2015-3149?

CVE-2015-3149 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

How severe is CVE-2015-3149?

CVE-2015-3149 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-3149?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Hpc Node Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.