ID CVE-2014-4266
Summary Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.7.0:update_60:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 09-10-2018 - 19:49)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1119626
    title CVE-2014-2483 OpenJDK: Restrict use of privileged annotations (Libraries, 8034985)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.el6_5
            oval oval:com.redhat.rhsa:tst:20140889005
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.el6_5
            oval oval:com.redhat.rhsa:tst:20140889011
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.el6_5
            oval oval:com.redhat.rhsa:tst:20140889013
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.el6_5
            oval oval:com.redhat.rhsa:tst:20140889009
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009012
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.el6_5
            oval oval:com.redhat.rhsa:tst:20140889007
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009014
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.el7_0
            oval oval:com.redhat.rhsa:tst:20140889019
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.65-2.5.1.2.el7_0
            oval oval:com.redhat.rhsa:tst:20140889024
          • comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675018
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.el7_0
            oval oval:com.redhat.rhsa:tst:20140889027
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.el7_0
            oval oval:com.redhat.rhsa:tst:20140889022
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.65-2.5.1.2.el7_0
            oval oval:com.redhat.rhsa:tst:20140889020
          • comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675012
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.el7_0
            oval oval:com.redhat.rhsa:tst:20140889026
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009012
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.el7_0
            oval oval:com.redhat.rhsa:tst:20140889023
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009014
    rhsa
    id RHSA-2014:0889
    released 2014-07-16
    severity Critical
    title RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
  • bugzilla
    id 1119626
    title CVE-2014-2483 OpenJDK: Restrict use of privileged annotations (Libraries, 8034985)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.el5_10
          oval oval:com.redhat.rhsa:tst:20140890002
        • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130165017
      • AND
        • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.el5_10
          oval oval:com.redhat.rhsa:tst:20140890008
        • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130165025
      • AND
        • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.el5_10
          oval oval:com.redhat.rhsa:tst:20140890006
        • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130165023
      • AND
        • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.el5_10
          oval oval:com.redhat.rhsa:tst:20140890004
        • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130165021
      • AND
        • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.el5_10
          oval oval:com.redhat.rhsa:tst:20140890010
        • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130165019
    rhsa
    id RHSA-2014:0890
    released 2014-07-16
    severity Important
    title RHSA-2014:0890: java-1.7.0-openjdk security update (Important)
  • bugzilla
    id 1119615
    title CVE-2014-4266 OpenJDK: InfoBuilder incorrect return values (Serviceability, 8033301)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.4.el5_10
            oval oval:com.redhat.rhsa:tst:20140907002
          • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377003
        • AND
          • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.4.el5_10
            oval oval:com.redhat.rhsa:tst:20140907010
          • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377011
        • AND
          • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.4.el5_10
            oval oval:com.redhat.rhsa:tst:20140907008
          • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377005
        • AND
          • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.4.el5_10
            oval oval:com.redhat.rhsa:tst:20140907006
          • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377007
        • AND
          • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.4.el5_10
            oval oval:com.redhat.rhsa:tst:20140907004
          • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377009
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.4.el6_5
            oval oval:com.redhat.rhsa:tst:20140907016
          • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865006
        • AND
          • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.4.el6_5
            oval oval:com.redhat.rhsa:tst:20140907022
          • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865010
        • AND
          • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.4.el6_5
            oval oval:com.redhat.rhsa:tst:20140907018
          • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865008
        • AND
          • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.4.el6_5
            oval oval:com.redhat.rhsa:tst:20140907024
          • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865014
        • AND
          • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.4.el6_5
            oval oval:com.redhat.rhsa:tst:20140907020
          • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865012
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.4.el7_0
            oval oval:com.redhat.rhsa:tst:20140907030
          • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865006
        • AND
          • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.4.el7_0
            oval oval:com.redhat.rhsa:tst:20140907034
          • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865010
        • AND
          • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.4.el7_0
            oval oval:com.redhat.rhsa:tst:20140907032
          • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865008
        • AND
          • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.4.el7_0
            oval oval:com.redhat.rhsa:tst:20140907031
          • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865014
        • AND
          • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.4.el7_0
            oval oval:com.redhat.rhsa:tst:20140907033
          • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865012
    rhsa
    id RHSA-2014:0907
    released 2014-07-21
    severity Important
    title RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important)
  • rhsa
    id RHSA-2014:0902
rpms
  • java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el6_5
  • java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el6_5
  • java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el6_5
  • java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el6_5
  • java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el6_5
  • java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-accessibility-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-headless-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el7_0
  • java-1.7.0-openjdk-1:1.7.0.65-2.5.1.2.el5_10
  • java-1.7.0-openjdk-demo-1:1.7.0.65-2.5.1.2.el5_10
  • java-1.7.0-openjdk-devel-1:1.7.0.65-2.5.1.2.el5_10
  • java-1.7.0-openjdk-javadoc-1:1.7.0.65-2.5.1.2.el5_10
  • java-1.7.0-openjdk-src-1:1.7.0.65-2.5.1.2.el5_10
  • java-1.6.0-openjdk-1:1.6.0.0-6.1.13.4.el5_10
  • java-1.6.0-openjdk-demo-1:1.6.0.0-6.1.13.4.el5_10
  • java-1.6.0-openjdk-devel-1:1.6.0.0-6.1.13.4.el5_10
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-6.1.13.4.el5_10
  • java-1.6.0-openjdk-src-1:1.6.0.0-6.1.13.4.el5_10
  • java-1.6.0-openjdk-1:1.6.0.0-6.1.13.4.el6_5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-6.1.13.4.el6_5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-6.1.13.4.el6_5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-6.1.13.4.el6_5
  • java-1.6.0-openjdk-src-1:1.6.0.0-6.1.13.4.el6_5
  • java-1.6.0-openjdk-1:1.6.0.0-6.1.13.4.el7_0
  • java-1.6.0-openjdk-demo-1:1.6.0.0-6.1.13.4.el7_0
  • java-1.6.0-openjdk-devel-1:1.6.0.0-6.1.13.4.el7_0
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-6.1.13.4.el7_0
  • java-1.6.0-openjdk-src-1:1.6.0.0-6.1.13.4.el7_0
refmap via4
bid 68596
bugtraq 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
confirm
debian
  • DSA-2980
  • DSA-2987
fulldisc 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
gentoo GLSA-201502-12
hp
  • HPSBUX03091
  • SSRT101667
sectrack 1030577
secunia
  • 59680
  • 59924
  • 59987
  • 60081
  • 60129
  • 60317
  • 60485
  • 60622
  • 60812
  • 60817
  • 61577
  • 61640
suse SUSE-SU-2015:0344
xf oracle-cpujul2014-cve20144266(94601)
Last major update 09-10-2018 - 19:49
Published 17-07-2014 - 11:17