Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-0416
HistoryJan 15, 2014 - 12:00 a.m.

CVE-2014-0416

2014-01-1500:00:00
ubuntu.com
ubuntu.com
6

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

84.5%

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE
Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity
via vectors related to JAAS. NOTE: the previous information is from the
January 2014 CPU. Oracle has not commented on third-party claims that the
issue is related to how principals are set for the Subject class, which
allows attackers to escape the sandbox using deserialization of a crafted
Subject instance.

Notes

Author Note
mdeslaur in lucid+, NetX and the plugin moved to the icedtea-web package
jdstrand sun-java6 is not redistributable, no longer in the archive and no longer tracked sun-java5 is EOL upstream and no longer tracked
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.10.04.1UNKNOWN
ubuntu12.04noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.12.04.1UNKNOWN
ubuntu12.10noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.12.10.1UNKNOWN
ubuntu13.10noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.13.10.1UNKNOWN
ubuntu12.04noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.12.04.2UNKNOWN
ubuntu12.10noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.12.10.2UNKNOWN
ubuntu13.04noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.13.04.2UNKNOWN
ubuntu13.10noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.13.10.1UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

84.5%