ID |
CVE-2014-6591
|
Summary |
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:oracle:jdk:1.5.0:update_75:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.5.0:update_75:*:*:*:*:*:*
-
cpe:2.3:a:oracle:jdk:1.6.0:update_85:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update_85:*:*:*:*:*:*
-
cpe:2.3:a:oracle:jdk:1.7.0:update72:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update72:*:*:*:*:*:*
-
cpe:2.3:a:oracle:jdk:1.8.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update25:*:*:*:*:*:*
-
cpe:2.3:a:oracle:jre:1.5.0:update_75:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update_75:*:*:*:*:*:*
-
cpe:2.3:a:oracle:jre:1.6.0:update_85:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update_85:*:*:*:*:*:*
-
cpe:2.3:a:oracle:jre:1.7.0:update_72:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update_72:*:*:*:*:*:*
-
cpe:2.3:a:oracle:jre:1.8.0:update_25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update_25:*:*:*:*:*:*
|
CVSS |
Base: | 2.6 (as of 08-09-2020 - 13:00) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-noinfo |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:N/AC:H/Au:N/C:P/I:N/A:N
|
redhat
via4
|
|
refmap
via4
|
bid | 72175 | confirm | | debian | | gentoo | - GLSA-201507-14
- GLSA-201603-14
| hp | - HPSBUX03273
- HPSBUX03281
- SSRT101951
- SSRT101968
| sectrack | 1031580 | suse | - SUSE-SU-2015:0336
- SUSE-SU-2015:0503
- openSUSE-SU-2015:0190
| ubuntu | |
|
Last major update |
08-09-2020 - 13:00 |
Published |
21-01-2015 - 15:28 |
Last modified |
08-09-2020 - 13:00 |