CVE-2015-5006 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-2015-5006?

CVE-2015-5006 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-5006?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Java 2 Sdk, Ibm Java Sdk, Redhat Satellite, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.

Vulnerability Description

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Java 2 Sdk	>= 5.0.0.0, <= 5.0.16.13
Ibm	Java Sdk	>= 6.0.0.0, < 6.0.16.15
Redhat	Satellite	5.6
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Eus	6.7
Redhat	Enterprise Linux Workstation	5.0
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11

Related Weaknesses (CWE)

CWE-200

References

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2506.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2507.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2508.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2509.htmlThird Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV78316Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21969225Vendor Advisory
http://www.securityfocus.com/bid/77645Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034214Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-5006?

CVE-2015-5006 is a vulnerability with a CVSS score of 2.1 (LOW). IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attacker...

How severe is CVE-2015-5006?

CVE-2015-5006 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5006?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Java 2 Sdk, Ibm Java Sdk, Redhat Satellite, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.