ID CVE-2014-2413
Summary Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries. per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.7.0:update_51:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update_51:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
CVSS
Base: 4.3 (as of 05-01-2018 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2014:0413
  • rhsa
    id RHSA-2014:0675
rpms
  • java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el6_5
  • java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el6_5
  • java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el6_5
  • java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el6_5
  • java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el6_5
  • java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10
  • java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10
  • java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10
  • java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10
  • java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.1.el5_10
  • java-1.7.0-openjdk-1:1.7.0.55-2.4.7.2.el7_0
  • java-1.7.0-openjdk-accessibility-1:1.7.0.55-2.4.7.2.el7_0
  • java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.2.el7_0
  • java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.2.el7_0
  • java-1.7.0-openjdk-headless-1:1.7.0.55-2.4.7.2.el7_0
  • java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.2.el7_0
  • java-1.7.0-openjdk-src-1:1.7.0.55-2.4.7.2.el7_0
refmap via4
bid 66917
confirm http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
gentoo GLSA-201502-12
hp
  • HPSBUX03091
  • SSRT101667
ubuntu USN-2187-1
Last major update 05-01-2018 - 02:29
Published 16-04-2014 - 02:55
Back to Top