CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
93.1%
Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to improper handling of methods in MethodHandles in HotSpot JVM, which allows attackers to escape the sandbox.
hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/839100e42498
lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
marc.info/?l=bugtraq&m=139402697611681&w=2
osvdb.org/102000
rhn.redhat.com/errata/RHSA-2014-0026.html
rhn.redhat.com/errata/RHSA-2014-0027.html
rhn.redhat.com/errata/RHSA-2014-0030.html
secunia.com/advisories/56432
secunia.com/advisories/56485
secunia.com/advisories/56486
secunia.com/advisories/56535
www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
www.securityfocus.com/bid/64758
www.securityfocus.com/bid/64863
www.securitytracker.com/id/1029608
www.ubuntu.com/usn/USN-2089-1
bugzilla.redhat.com/show_bug.cgi?id=1051549
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777