Lucene search

K

[email protected]CVE-2014-0423

HistoryJan 15, 2014 - 4:08 p.m.

CVE-2014-0423

2014-01-1516:08:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

87

oracle

java

security

vulnerability

confidentiality

availability

beans

xxe

nvd

4.4 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

73.9%

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.

CPENameOperatorVersion
oracle:jrockitoracle jrockiteqr27.7.7
oracle:jrockitoracle jrockiteqr28.2.9
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.6.0
oracle:jreoracle jreeq1.6.0
oracle:jdkoracle jdkeq1.5.0
oracle:jreoracle jreeq1.5.0

References

hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5

lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html

lists.opensuse.org/opensuse-updates/2014-01/msg00105.html

lists.opensuse.org/opensuse-updates/2014-01/msg00107.html

lists.opensuse.org/opensuse-updates/2014-02/msg00000.html

marc.info/?l=bugtraq&m=139402697611681&w=2

marc.info/?l=bugtraq&m=139402749111889&w=2

rhn.redhat.com/errata/RHSA-2014-0026.html

rhn.redhat.com/errata/RHSA-2014-0027.html

rhn.redhat.com/errata/RHSA-2014-0030.html

rhn.redhat.com/errata/RHSA-2014-0097.html

rhn.redhat.com/errata/RHSA-2014-0134.html

rhn.redhat.com/errata/RHSA-2014-0135.html

rhn.redhat.com/errata/RHSA-2014-0136.html

secunia.com/advisories/56432

secunia.com/advisories/56485

secunia.com/advisories/56486

secunia.com/advisories/56487

secunia.com/advisories/56535

secunia.com/advisories/59283

secunia.com/advisories/60568

www-01.ibm.com/support/docview.wss?uid=swg21677388

www-01.ibm.com/support/docview.wss?uid=swg21679287

www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

www.securityfocus.com/bid/64758

www.securityfocus.com/bid/64914

www.securitytracker.com/id/1029608

www.ubuntu.com/usn/USN-2089-1

www.ubuntu.com/usn/USN-2124-1

access.redhat.com/errata/RHSA-2014:0414

bugzilla.redhat.com/show_bug.cgi?id=1053066

exchange.xforce.ibmcloud.com/vulnerabilities/90340

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777

4.4 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

73.9%

Related for CVE-2014-0423

veracode13 prion1 ubuntucve1 checkpoint_advisories3 ibm14 redhat10 nessus39 openvas37 ubuntu3 amazon2 oraclelinux3 mageia1 centos3 suse5 aix1 kaspersky1 f52 securityvulns1 oracle1 gentoo1