History: Oct 15, 2014 - 12:00 a.m.

KLA10505 Multiple vulnerabilities in Oracle products

2014-10-15 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 10 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 5.6 Medium (Confidence: Low)

EPSS: 0.034 Low (Percentile: 91.5%)

Unspecified vulnerabilities were found in Oracle products. By exploiting these vulnerabilities, malicious users can affect integrity, confidentiality and availability. These vulnerabilities can be exploited remotely via unknown vectors related to JSSE, JAXP, AWT, 2D, Deployment, Libraries, Hotspot, Security and other unknown points.

Original advisories

Oracle advisory

Related products

Sun-Java-JRE-1.6.x

Sun-Java-JDK-1.6.x

Oracle-Java-JRE-1.7.x

Oracle-Java-JDK-1.7.x

Oracle-Java-JDK-1.8.x-3

Oracle-Java-JRE-1.8.x

Oracle-JRockit

CVE list

CVE-2014-6476 critical

CVE-2014-6532 critical

CVE-2014-6456 critical

CVE-2014-6457 warning

CVE-2014-6458 high

CVE-2014-6531 warning

CVE-2014-6519 critical

CVE-2014-6558 warning

CVE-2014-6485 critical

CVE-2014-4288 critical

CVE-2014-6511 critical

CVE-2014-6512 warning

CVE-2014-6515 critical

CVE-2014-6517 critical

CVE-2014-6513 critical

CVE-2014-6493 critical

CVE-2014-6492 critical

CVE-2014-6468 high

CVE-2014-6466 high

CVE-2014-6562 critical

CVE-2014-6503 critical

CVE-2014-6502 warning

CVE-2014-6527 warning

CVE-2014-6506 high

CVE-2014-6504 critical

Solution

Update to the latest version.

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • LoI: Loss of integrity. Exploitation of vulnerabilities with this impact can lead to a partial system fault or disruption of connections between system components.

Affected Products

  • Oracle Java SE 6 version 6u81
  • Oracle Java SE 7 version 7u67
  • Oracle Java SE 6 version 8u20
  • Oracle JRockit versions R27.8.3 and R28.3.3
