Alpine: openjdk7: security update to 7.71.-r1 (deprecated)

low Tenable Self-Hosted Container Security Plugin ID 401181

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect
confidentiality, integrity, and availability via vectors related to RMI. (CVE-2015-0408)

- The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC
padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-
oracle attack, aka the "POODLE" issue. (CVE-2014-3566)

- Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect
confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.
(CVE-2014-6585)

- Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect
confidentiality, integrity, and availability via unknown vectors related to Libraries. (CVE-2014-6587)

- Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows
remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability
than CVE-2014-6585. (CVE-2014-6591)

See Also

https://git.alpinelinux.org/aports/commit/?id=8c89f11b647949f06fbef635e60814476280caa9

https://git.alpinelinux.org/aports/commit/?id=926c90d464a607b5d7566361f0b6b104371733bc

Plugin Details

Severity: Low

ID: 401181

Version: Revision 1.26

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-0408

CVSS v3

Risk Factor: Low

Base Score: 3.4

Temporal Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2014-3566

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/28/2015

Vulnerability Publication Date: 10/14/2014

Reference Information

CVE: CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412

BID: 70574, 72132, 72136, 72140, 72142, 72155, 72159, 72162, 72165, 72168, 72169, 72173, 72175