Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-0428
HistoryJan 15, 2014 - 12:00 a.m.

CVE-2014-0428

2014-01-1500:00:00
ubuntu.com
ubuntu.com
6

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.138 Low

EPSS

Percentile

95.5%

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE
Embedded 7u45; and OpenJDK 7 allows remote attackers to affect
confidentiality, integrity, and availability via vectors related to CORBA.
NOTE: the previous information is from the January 2014 CPU. Oracle has not
commented on third-party claims that the issue is related to “insufficient
security checks in IIOP streams,” which allows attackers to escape the
sandbox.

Notes

Author Note
mdeslaur in lucid+, NetX and the plugin moved to the icedtea-web package
jdstrand sun-java6 is not redistributable, no longer in the archive and no longer tracked sun-java5 is EOL upstream and no longer tracked
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.10.04.1UNKNOWN
ubuntu12.04noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.12.04.1UNKNOWN
ubuntu12.10noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.12.10.1UNKNOWN
ubuntu13.10noarchopenjdk-6< 6b30-1.13.1-1ubuntu2~0.13.10.1UNKNOWN
ubuntu12.04noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.12.04.2UNKNOWN
ubuntu12.10noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.12.10.2UNKNOWN
ubuntu13.04noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.13.04.2UNKNOWN
ubuntu13.10noarchopenjdk-7< 7u51-2.4.4-0ubuntu0.13.10.1UNKNOWN

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.138 Low

EPSS

Percentile

95.5%