ID CVE-2014-6527
Summary Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.7.0:update_67
    cpe:2.3:a:oracle:jdk:1.7.0:update_67
  • cpe:2.3:a:oracle:jdk:1.8.0:update_20
    cpe:2.3:a:oracle:jdk:1.8.0:update_20
  • cpe:2.3:a:oracle:jre:1.7.0:update_67
    cpe:2.3:a:oracle:jre:1.7.0:update_67
  • cpe:2.3:a:oracle:jre:1.8.0:update_20
    cpe:2.3:a:oracle:jre:1.8.0:update_20
CVSS
Base: 2.6 (as of 19-10-2014 - 21:46)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201502-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-201502-12 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle’s Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 81370
    published 2015-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81370
    title GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1657.NASL
    description Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 72 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 79056
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79056
    title RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2014:1657)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_7_0-IBM-141121.NASL
    description java-1_7_0-ibm has been updated to version 1.7.0_sr7.2 to fix 21 security issues. These security issues have been fixed : - Unspecified vulnerability. (CVE-2014-3065) - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue. (CVE-2014-3566) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. (CVE-2014-6513) - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2014-6456) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6493 / CVE-2014-6532. (CVE-2014-6503) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6493 / CVE-2014-6503. (CVE-2014-6532) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493 / CVE-2014-6503 / CVE-2014-6532. (CVE-2014-4288) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6503 / CVE-2014-6532. (CVE-2014-6493) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6492) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6458) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6466) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. (CVE-2014-6506) - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. (CVE-2014-6476) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. (CVE-2014-6515) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. (CVE-2014-6511) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. (CVE-2014-6531) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. (CVE-2014-6512) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. (CVE-2014-6457) - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. (CVE-2014-6527) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. (CVE-2014-6502) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. (CVE-2014-6558) More information can be found at http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update _November_2014
    last seen 2019-02-21
    modified 2015-01-13
    plugin id 79635
    published 2014-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79635
    title SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9999)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-141119.NASL
    description java-1_6_0-ibm has been updated to version 1.6.0_sr16.2 to fix 18 security issues. These security issues has been fixed : - Unspecified vulnerability in Oracle Java SE 6u81. (CVE-2014-3065) - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue. (CVE-2014-3566) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. (CVE-2014-6513) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6493 / CVE-2014-6532. (CVE-2014-6503) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6493 / CVE-2014-6503. (CVE-2014-6532) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493 / CVE-2014-6503 / CVE-2014-6532. (CVE-2014-4288) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6503 / CVE-2014-6532. (CVE-2014-6493) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6492) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6458) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6466) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. (CVE-2014-6506) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. (CVE-2014-6515) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. (CVE-2014-6511) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. (CVE-2014-6531) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. (CVE-2014-6512) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. (CVE-2014-6457) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. (CVE-2014-6502) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. (CVE-2014-6558) More information can be found at http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update _November_2014
    last seen 2019-02-21
    modified 2015-01-13
    plugin id 79634
    published 2014-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79634
    title SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9992)
  • NASL family AIX Local Security Checks
    NASL id AIX_JAVA_OCT2014_ADVISORY.NASL
    description The version of Java SDK installed on the remote host is affected by the following vulnerabilities : - A privilege escalation vulnerability in the IBM Java SDK allows a local attacker to inject arbitrary code into the shared classes cache due to a flaw in the default configuration for the shared classes feature. Other users are able to execute the injected code, which can allow the attacker to gain elevated privileges. (CVE-2014-3065) - Oracle Java contains the flaw related to SSLv3 CBC-mode ciphers known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - Vulnerabilities in Oracle Java allow remote code execution via flaws in the Deployment subcomponent. (CVE-2014-4288, CVE-2014-6492, CVE-2014-6493, CVE-2014-6503, CVE-2014-6532) - A session hijacking vulnerability exists in Oracle Java due to a flaw related to handling of server certificate changes during SSL/TLS renegotiation. This allows an attacker to intercept communication between a client and server to hijack a mutually authenticated session. (CVE-2014-6457) - Privilege escalation vulnerabilities exist in Oracle Java within the the Deployment subcomponent. (CVE-2014-6458, CVE-2014-6466) - Data integrity vulnerabilities exist in Oracle Java within the the Deployment subcomponent. (CVE-2014-6476, CVE-2014-6515, CVE-2014-6527) - A privilege escalation vulnerability exists in Oracle Java in the resource bundle handling code of the 'LogRecord::readObject' function within the file 'share/classes/java/util/logging/LogRecord.java', which allows an attacker to bypass certain sandbox restrictions. (CVE-2014-6502) - A privilege escalation vulnerability exists in Oracle Java within the property processing and name handling code of 'share/classes/java/util/ResourceBundle.java', which allows an attacker to bypass certain sandbox restrictions. (CVE-2014-6506) - Oracle Java contains an unspecified vulnerability in the 2D subcomponent. (CVE-2014-6511) - An information disclosure vulnerability exists in Oracle Java due to a flaw related to the wrapping of datagram sockets in the DatagramSocket implementation. This issue may cause packets to be read that originate from other sources than the connected, thus allowing a remote attacker to carry out IP spoofing. (CVE-2014-6512) - A flaw exists in the way splash images are handled by 'windows/native/sun/awt/splashscreen/splashscreen_sys.c' which allows remote code execution. (CVE-2014-6513) - A privilege escalation vulnerability exists in Oracle Java in 'share/classes/java/util/logging/Logger.java' because it fails to check permissions in certain cases, allowing an attacker to bypass sandbox restrictions and view or edit logs. (CVE-2014-6531) - A flaw related to input cipher streams within the file 'share/classes/javax/crypto/CipherInputStream.java' can allow a remote attacker to affect the data integrity. (CVE-2014-6558)
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 79626
    published 2014-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79626
    title AIX Java Advisory : java_oct2014_advisory.asc (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1882.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 2 December 2014] This advisory has been updated to include updated java-1.7.0-ibm-jdbc and java-1.7.0-ibm-plugin packages, which were previously missing from this erratum. No changes were made to the other packages in this erratum. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed. Note: This is the last update for the java-1.7.0-ibm packages distributed via the Red Hat Enterprise Linux 6 Supplementary channels. The RHEA-2014:1619 advisory, released as a part of Red Hat Enterprise Linux 6.6, introduced the new java-1.7.1-ibm packages. These packages contain IBM Java SE version 7 Release 1, which adds multiple enhancements over the IBM Java SE version 7 in the java-1.7.0-ibm packages. All java-1.7.0-ibm users must migrate to java-1.7.1-ibm packages to continue receiving updates for the IBM Java SE version 7 via the Red Hat Enterprise Linux 6 Supplementary channel. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR8 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79379
    published 2014-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79379
    title RHEL 6 : java-1.7.0-ibm (RHSA-2014:1882) (POODLE)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_OCT_2014.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 25, 7 Update 71, 6 Update 85, or 5 Update 75. It is, therefore, affected by security issues in the following components : - 2D - AWT - Deployment - Hotspot - JAXP - JSSE - JavaFX - Libraries - Security
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 78481
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78481
    title Oracle Java SE Multiple Vulnerabilities (October 2014 CPU)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_OCT_2014_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 25, 7 Update 71, 6 Update 85, or 5 Update 75. It is, therefore, affected by security issues in the following components : - 2D - AWT - Deployment - Hotspot - JAXP - JSSE - JavaFX - Libraries - Security
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 78482
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78482
    title Oracle Java SE Multiple Vulnerabilities (October 2014 CPU) (Unix)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_7_0-OPENJDK-141024.NASL
    description Oracle Critical Patch Update Advisory - October 2014 Description : A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.h tml
    last seen 2019-02-21
    modified 2014-11-12
    plugin id 79208
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79208
    title SuSE 11.3 Security Update : Java OpenJDK (SAT Patch Number 9906)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2388-2.NASL
    description USN-2388-1 fixed vulnerabilities in OpenJDK 7 for Ubuntu 14.04 LTS. This update provides the corresponding updates for Ubuntu 14.10. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6527, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CVE-2014-6511, CVE-2014-6517, CVE-2014-6531) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-6506, CVE-2014-6513). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 78668
    published 2014-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78668
    title Ubuntu 14.10 : openjdk-7 vulnerabilities (USN-2388-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2388-1.NASL
    description A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6527, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CVE-2014-6511, CVE-2014-6517, CVE-2014-6531) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-6506, CVE-2014-6513). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 78654
    published 2014-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78654
    title Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-2388-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1876.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR8 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79351
    published 2014-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79351
    title RHEL 5 : java-1.7.0-ibm (RHSA-2014:1876) (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1880.NASL
    description Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR2 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79377
    published 2014-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79377
    title RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2014:1880) (POODLE)
redhat via4
advisories
  • rhsa
    id RHSA-2014:1657
  • rhsa
    id RHSA-2014:1876
  • rhsa
    id RHSA-2014:1880
  • rhsa
    id RHSA-2014:1882
refmap via4
bid 70560
confirm
gentoo GLSA-201502-12
hp
  • HPSBUX03218
  • SSRT101770
secunia
  • 61164
  • 61346
  • 61609
suse
  • SUSE-SU-2014:1526
  • SUSE-SU-2014:1549
  • SUSE-SU-2015:0344
ubuntu
  • USN-2388-1
  • USN-2388-2
Last major update 16-03-2015 - 22:00
Published 15-10-2014 - 18:55
Back to Top