ID CVE-2014-4263
Summary Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." Per: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html "Applies to Diffie-Hellman key agreement in client and server deployment of Java."
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jrockit:r27.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jrockit:r27.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jrockit:r28.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jrockit:r28.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update_65:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.5.0:update_65:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_75:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_75:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update_60:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update_60:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.5.0:update_65:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.5.0:update_65:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_75:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_75:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 09-10-2018 - 19:49)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2014:0902
  • rhsa
    id RHSA-2014:0908
  • rhsa
    id RHSA-2015:0264
rpms
  • java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el6_5
  • java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el6_5
  • java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el6_5
  • java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el6_5
  • java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el6_5
  • java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-accessibility-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-headless-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10
  • java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10
  • java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10
  • java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10
  • java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10
  • java-1.6.0-openjdk-1:1.6.0.0-6.1.13.4.el5_10
  • java-1.6.0-openjdk-demo-1:1.6.0.0-6.1.13.4.el5_10
  • java-1.6.0-openjdk-devel-1:1.6.0.0-6.1.13.4.el5_10
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-6.1.13.4.el5_10
  • java-1.6.0-openjdk-src-1:1.6.0.0-6.1.13.4.el5_10
  • java-1.6.0-openjdk-1:1.6.0.0-6.1.13.4.el6_5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-6.1.13.4.el6_5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-6.1.13.4.el6_5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-6.1.13.4.el6_5
  • java-1.6.0-openjdk-src-1:1.6.0.0-6.1.13.4.el6_5
  • java-1.6.0-openjdk-1:1.6.0.0-6.1.13.4.el7_0
  • java-1.6.0-openjdk-demo-1:1.6.0.0-6.1.13.4.el7_0
  • java-1.6.0-openjdk-devel-1:1.6.0.0-6.1.13.4.el7_0
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-6.1.13.4.el7_0
  • java-1.6.0-openjdk-src-1:1.6.0.0-6.1.13.4.el7_0
refmap via4
bid 68636
bugtraq 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
confirm
debian
  • DSA-2980
  • DSA-2987
fulldisc 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
gentoo GLSA-201502-12
hp
  • HPSBUX03091
  • HPSBUX03092
  • SSRT101667
  • SSRT101668
sectrack 1030577
secunia
  • 58830
  • 59404
  • 59503
  • 59680
  • 59924
  • 59985
  • 59986
  • 59987
  • 60002
  • 60031
  • 60032
  • 60081
  • 60129
  • 60180
  • 60245
  • 60317
  • 60326
  • 60335
  • 60485
  • 60497
  • 60622
  • 60812
  • 60817
  • 60831
  • 60839
  • 60846
  • 60890
  • 61215
  • 61254
  • 61264
  • 61278
  • 61293
  • 61294
  • 61469
  • 61577
  • 61640
  • 61846
  • 62314
  • 62319
suse
  • SUSE-SU-2015:0344
  • SUSE-SU-2015:0376
  • SUSE-SU-2015:0392
xf oracle-cpujul2014-cve20144263(94606)
Last major update 09-10-2018 - 19:49
Published 17-07-2014 - 11:17
Back to Top