Lucene search

K

[email protected]CVE-2014-0373

HistoryJan 15, 2014 - 4:08 p.m.

CVE-2014-0373

2014-01-1516:08:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

56

cve-2014-0373

oracle

java

vulnerability

remote attackers

confidentiality

integrity

availability

openjdk

snmpstatusexception

snmp

sandbox

4.6 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.106 Low

EPSS

Percentile

95.0%

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox.

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.5.0
oracle:jreoracle jreeq1.5.0
oracle:jdkoracle jdkeq1.6.0
oracle:jreoracle jreeq1.6.0

References

hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec

lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html

lists.opensuse.org/opensuse-updates/2014-01/msg00105.html

lists.opensuse.org/opensuse-updates/2014-01/msg00107.html

lists.opensuse.org/opensuse-updates/2014-02/msg00000.html

marc.info/?l=bugtraq&m=139402697611681&w=2

marc.info/?l=bugtraq&m=139402749111889&w=2

rhn.redhat.com/errata/RHSA-2014-0026.html

rhn.redhat.com/errata/RHSA-2014-0027.html

rhn.redhat.com/errata/RHSA-2014-0030.html

rhn.redhat.com/errata/RHSA-2014-0097.html

rhn.redhat.com/errata/RHSA-2014-0134.html

rhn.redhat.com/errata/RHSA-2014-0135.html

rhn.redhat.com/errata/RHSA-2014-0136.html

secunia.com/advisories/56432

secunia.com/advisories/56485

secunia.com/advisories/56535

www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

www.securityfocus.com/bid/64758

www.securityfocus.com/bid/64922

www.securitytracker.com/id/1029608

www.ubuntu.com/usn/USN-2089-1

www.ubuntu.com/usn/USN-2124-1

access.redhat.com/errata/RHSA-2014:0414

bugzilla.redhat.com/show_bug.cgi?id=1051699

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777

4.6 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.106 Low

EPSS

Percentile

95.0%

Related for CVE-2014-0373

prion1 ubuntucve1 veracode13 redhat10 nessus37 openvas36 ubuntu3 oraclelinux3 amazon2 centos3 mageia1 suse5 ibm8 aix1 kaspersky1 f52 securityvulns1 oracle1 gentoo1