Lucene search

K

[email protected]NVD:CVE-2014-0428

HistoryJan 15, 2014 - 4:08 p.m.

CVE-2014-0428

2014-01-1516:08:10

[email protected]

web.nvd.nist.gov

5

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

4.6

Confidence

High

EPSS

0.138

Percentile

95.7%

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to “insufficient security checks in IIOP streams,” which allows attackers to escape the sandbox.

Affected configurations

Nvd

Node

oraclejdkMatch1.6.0update65

OR

oraclejreMatch1.6.0update65

Node

oraclejdkMatch1.5.0update55

OR

oraclejreMatch1.5.0update55

Node

oraclejreMatch1.7.0update45

References

hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698

lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html

lists.opensuse.org/opensuse-updates/2014-01/msg00105.html

lists.opensuse.org/opensuse-updates/2014-01/msg00107.html

lists.opensuse.org/opensuse-updates/2014-02/msg00000.html

marc.info/?l=bugtraq&m=139402697611681&w=2

marc.info/?l=bugtraq&m=139402749111889&w=2

osvdb.org/101996

rhn.redhat.com/errata/RHSA-2014-0026.html

rhn.redhat.com/errata/RHSA-2014-0027.html

rhn.redhat.com/errata/RHSA-2014-0030.html

rhn.redhat.com/errata/RHSA-2014-0097.html

rhn.redhat.com/errata/RHSA-2014-0134.html

rhn.redhat.com/errata/RHSA-2014-0135.html

rhn.redhat.com/errata/RHSA-2014-0136.html

secunia.com/advisories/56432

secunia.com/advisories/56485

secunia.com/advisories/56486

secunia.com/advisories/56535

www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

www.securityfocus.com/bid/64758

www.securityfocus.com/bid/64935

www.securitytracker.com/id/1029608

www.ubuntu.com/usn/USN-2089-1

www.ubuntu.com/usn/USN-2124-1

access.redhat.com/errata/RHSA-2014:0414

bugzilla.redhat.com/show_bug.cgi?id=1051519

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

4.6

Confidence

High

EPSS

0.138

Percentile

95.7%

Related for NVD:CVE-2014-0428

cvelist1 nessus40 prion1 cve1 veracode13 openvas45 f54 ubuntucve1 ibm9 redhat10 oraclelinux3 ubuntu3 amazon2 centos3 mageia1 suse10 aix1 kaspersky1 securityvulns1 oracle1 gentoo1