Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-0423
HistoryJan 15, 2014 - 12:00 a.m.

CVE-2014-0423

2014-01-1500:00:00
ubuntu.com
ubuntu.com
6

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

73.7%

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit
R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote
authenticated users to affect confidentiality and availability via unknown
vectors related to Beans. NOTE: the previous information is from the
January 2014 CPU. Oracle has not commented on third-party claims that this
issue is an XML External Entity (XXE) vulnerability in
DocumentHandler.java, related to Beans decoding.

Notes

Author Note
mdeslaur in lucid+, NetX and the plugin moved to the icedtea-web package
jdstrand sun-java6 is not redistributable, no longer in the archive and no longer tracked sun-java5 is EOL upstream and no longer tracked
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.10.04.1UNKNOWN
ubuntu12.04noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.12.04.1UNKNOWN
ubuntu12.10noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.12.10.1UNKNOWN
ubuntu13.10noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.13.10.1UNKNOWN
ubuntu12.04noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.12.04.2UNKNOWN
ubuntu12.10noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.12.10.2UNKNOWN
ubuntu13.04noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.13.04.2UNKNOWN
ubuntu13.10noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.13.10.1UNKNOWN

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

73.7%

Related for UB:CVE-2014-0423