ID CVE-2014-0878
Summary The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.
Vulnerable Configurations
  • cpe:2.3:a:ibm:java_sdk:6.0.0.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.1.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.2.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.3.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.4.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.5.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.6.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.7.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.8.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.8.1:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.9.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.9.1:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.9.2:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.10.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.10.1:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.11.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.12.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.13.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.13.1:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.13.2:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.14.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.15.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:6.0.15.1:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.0.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.11.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.11.1:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.11.2:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.12.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.12.1:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.12.2:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.12.3:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.12.4:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.12.5:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.13.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.14.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.15.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.16.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.16.1:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.16.2:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.16.3:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.16.4:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:5.0.16.5:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.0.0.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.0.2.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.0.3.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.0.4.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.0.4.1:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.0.4.2:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.0.5.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.0.6.0:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.0.6.1:*:*:*:technology:*:*:*
  • cpe:2.3:a:ibm:java_sdk:7.1.0.0:*:*:*:technology:*:*:*
CVSS
Base: 5.8 (as of 29-08-2017 - 01:34)
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
redhat via4
rpms
  • java-1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el5_10
  • java-1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el6_5
  • java-1.7.0-ibm-demo-1:1.7.0.7.0-1jpp.1.el5_10
  • java-1.7.0-ibm-demo-1:1.7.0.7.0-1jpp.1.el6_5
  • java-1.7.0-ibm-devel-1:1.7.0.7.0-1jpp.1.el5_10
  • java-1.7.0-ibm-devel-1:1.7.0.7.0-1jpp.1.el6_5
  • java-1.7.0-ibm-jdbc-1:1.7.0.7.0-1jpp.1.el5_10
  • java-1.7.0-ibm-jdbc-1:1.7.0.7.0-1jpp.1.el6_5
  • java-1.7.0-ibm-plugin-1:1.7.0.7.0-1jpp.1.el5_10
  • java-1.7.0-ibm-plugin-1:1.7.0.7.0-1jpp.1.el6_5
  • java-1.7.0-ibm-src-1:1.7.0.7.0-1jpp.1.el5_10
  • java-1.7.0-ibm-src-1:1.7.0.7.0-1jpp.1.el6_5
  • java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5_10
  • java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el6_5
  • java-1.6.0-ibm-accessibility-1:1.6.0.16.0-1jpp.1.el5_10
  • java-1.6.0-ibm-demo-1:1.6.0.16.0-1jpp.1.el5_10
  • java-1.6.0-ibm-demo-1:1.6.0.16.0-1jpp.1.el6_5
  • java-1.6.0-ibm-devel-1:1.6.0.16.0-1jpp.1.el5_10
  • java-1.6.0-ibm-devel-1:1.6.0.16.0-1jpp.1.el6_5
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.0-1jpp.1.el5_10
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.0-1jpp.1.el6_5
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.0-1jpp.1.el5_10
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.0-1jpp.1.el6_5
  • java-1.6.0-ibm-plugin-1:1.6.0.16.0-1jpp.1.el5_10
  • java-1.6.0-ibm-plugin-1:1.6.0.16.0-1jpp.1.el6_5
  • java-1.6.0-ibm-src-1:1.6.0.16.0-1jpp.1.el5_10
  • java-1.6.0-ibm-src-1:1.6.0.16.0-1jpp.1.el6_5
  • java-1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el5_10
  • java-1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el6_5
  • java-1.5.0-ibm-accessibility-1:1.5.0.16.6-1jpp.1.el5_10
  • java-1.5.0-ibm-demo-1:1.5.0.16.6-1jpp.1.el5_10
  • java-1.5.0-ibm-demo-1:1.5.0.16.6-1jpp.1.el6_5
  • java-1.5.0-ibm-devel-1:1.5.0.16.6-1jpp.1.el5_10
  • java-1.5.0-ibm-devel-1:1.5.0.16.6-1jpp.1.el6_5
  • java-1.5.0-ibm-javacomm-1:1.5.0.16.6-1jpp.1.el5_10
  • java-1.5.0-ibm-javacomm-1:1.5.0.16.6-1jpp.1.el6_5
  • java-1.5.0-ibm-jdbc-1:1.5.0.16.6-1jpp.1.el5_10
  • java-1.5.0-ibm-jdbc-1:1.5.0.16.6-1jpp.1.el6_5
  • java-1.5.0-ibm-plugin-1:1.5.0.16.6-1jpp.1.el5_10
  • java-1.5.0-ibm-plugin-1:1.5.0.16.6-1jpp.1.el6_5
  • java-1.5.0-ibm-src-1:1.5.0.16.6-1jpp.1.el5_10
  • java-1.5.0-ibm-src-1:1.5.0.16.6-1jpp.1.el6_5
  • java-1.7.1-ibm-1:1.7.1.1.0-1jpp.2.el7_0
  • java-1.7.1-ibm-demo-1:1.7.1.1.0-1jpp.2.el7_0
  • java-1.7.1-ibm-devel-1:1.7.1.1.0-1jpp.2.el7_0
  • java-1.7.1-ibm-jdbc-1:1.7.1.1.0-1jpp.2.el7_0
  • java-1.7.1-ibm-plugin-1:1.7.1.1.0-1jpp.2.el7_0
  • java-1.7.1-ibm-src-1:1.7.1.1.0-1jpp.2.el7_0
  • java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el6
  • java-1.6.0-ibm-devel-1:1.6.0.16.0-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.16.0-1jpp.1.el6
refmap via4
bid 67601
secunia
  • 59022
  • 59023
  • 59058
  • 61264
xf ibm-java-cve20140878-weak-sec(91084)
Last major update 29-08-2017 - 01:34
Published 26-05-2014 - 19:55
Last modified 29-08-2017 - 01:34