Lucene search

K
cve[email protected]CVE-2014-0411
HistoryJan 15, 2014 - 4:08 p.m.

CVE-2014-0411

2014-01-1516:08:10
web.nvd.nist.gov
85
cve-2014-0411
oracle java
jrockit
vulnerability
remote attackers
confidentiality
integrity
jsse
nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

4.1 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.

Affected configurations

NVD
Node
oraclejrockitMatchr27.7.7
OR
oraclejrockitMatchr28.2.9
Node
oraclejreMatch1.7.0update45
Node
oraclejdkMatch1.5.0update55
OR
oraclejreMatch1.5.0update55
Node
oraclejdkMatch1.6.0update65
OR
oraclejreMatch1.6.0update65

References

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

4.1 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%