History: Apr 30, 2014 - 12:00 a.m.

KLA10001 Multiple vulnerabilities in Oracle Java Runtime Environment & Java Development Kit

2014-04-30 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score: 7.8
Confidence: Low
EPSS: 0.917
Percentile: 98.9%

Multiple serious vulnerabilities have been found in Oracle Java Runtime Environment & Java Development Kit 5.0 Update 61, 6 Update 71, 7 Update 51 and 8 (and earlier updates of each release). Malicious use of these vulnerabilities can affect confidentiality, integrity and availability: an attacker can cause a denial of service, obtain sensitive information or overwrite arbitrary files.

Below is a complete list of vulnerabilities:

  1. Unspecified vulnerabilities in the 2D, Libraries, Hotspot, JavaFX, Deployment, AWT, JAX-WS, JAXB, Security, Sound, JNDI, JAXP, Scripting and Javadoc components, and in other unspecified components, can be exploited to affect confidentiality, integrity and availability.
  2. A zero-size PLTE chunk or a NULL palette in a PNG image is mishandled by the bundled libpng (pngrtran.c and pngset.c), causing a NULL pointer dereference and a denial of service (CVE-2013-6954).
  3. get_sos in the bundled libjpeg (6b) and libjpeg-turbo (through 1.3.0) does not properly check the number of components in a JPEG image, so a crafted image can make the decoder read from uninitialized memory locations and disclose their contents (CVE-2013-6629).
  4. unpacker::redirect_stdio in unpack200 creates its temporary log file insecurely, allowing a local user to overwrite arbitrary files via a symlink attack (CVE-2014-1876).
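Items 2 and 3 above are both crafted-input bugs in image decoders bundled with the JDK: a PLTE chunk with no entries, and a scan whose component table does not match the frame it belongs to. The script below is an added example, not code from Oracle, libpng or libjpeg. It builds small PNG and JPEG files in memory (constructed samples), walks the chunk and marker structure, and applies the checks a decoder needs before it trusts those tables: a PLTE must hold 1 to 256 whole entries, and a scan's component count must not exceed the frame's, with every scan component mapping once onto a frame component. The names check_png, check_jpeg, build_png, build_jpeg and triage are this example's own.

```python
import struct
import zlib

# Added example (not Oracle, libpng or libjpeg code): constructed PNG/JPEG samples and the
# structural checks a decoder has to enforce before it trusts the PLTE or SOS tables.
PNG_SIG = b"\x89PNG\r\n\x1a\n"

class MalformedImage(ValueError):
    """The image breaks a structural constraint; a decoder must stop here rather than carry on."""

def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """One PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def build_png(palette: bytes) -> bytes:
    """1x1 indexed-colour PNG whose PLTE chunk holds exactly `palette` (constructed sample)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0)   # 1x1, 8-bit, colour type 3 = palette
    idat = zlib.compress(b"\x00\x00")                     # filter byte + one palette index
    return (PNG_SIG + png_chunk(b"IHDR", ihdr) + png_chunk(b"PLTE", palette)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))

def check_png(buf: bytes) -> dict:
    """Walk the chunks; reject a PLTE with 0 entries, a partial entry, or more than 256 entries."""
    info, pos = {"color_type": None, "palette_entries": None}, len(PNG_SIG)
    while pos + 8 <= len(buf):
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        if pos + 12 + length > len(buf):                  # 12 = length + type + CRC fields
            raise MalformedImage("truncated %r chunk" % ctype)
        data = buf[pos + 8:pos + 8 + length]
        if ctype == b"IHDR" and length == 13:
            info["color_type"] = data[9]
        elif ctype == b"PLTE":
            if length == 0 or length % 3 or length > 3 * 256:
                raise MalformedImage("PLTE length %d (need 3..768, a multiple of 3)" % length)
            info["palette_entries"] = length // 3
        elif ctype == b"IEND":
            break
        pos += 12 + length
    return info

def jpeg_segment(marker: int, payload: bytes) -> bytes:
    """One JPEG marker segment; the length field counts itself."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def build_jpeg(frame_ids, scan_ids) -> bytes:
    """Baseline JPEG with the given SOF0 and SOS component id lists (constructed sample)."""
    sof = bytes([8]) + struct.pack(">HH", 8, 8) + bytes([len(frame_ids)])
    sof += b"".join(bytes([cid, 0x11, 0]) for cid in frame_ids)   # id, 1x1 sampling, qtable 0
    sos = bytes([len(scan_ids)]) + b"".join(bytes([cid, 0]) for cid in scan_ids) + bytes([0, 63, 0])
    return (b"\xff\xd8" + jpeg_segment(0xC0, sof) + jpeg_segment(0xDA, sos)
            + b"\x12\xff\x00\x34\xff\xd9")               # token entropy data (stuffed FF 00), EOI

def check_jpeg(buf: bytes) -> dict:
    """Parse SOFn and SOS; require Ns <= Nf and a 1:1 map of scan components onto the frame."""
    if buf[:2] != b"\xff\xd8":
        raise MalformedImage("not a JPEG")
    frame_ids, scans, pos = None, [], 2
    while pos + 2 <= len(buf):
        if buf[pos] != 0xFF:
            raise MalformedImage("expected a marker at offset %d" % pos)
        marker = buf[pos + 1]
        if marker == 0xD9:                                # EOI
            break
        seglen = struct.unpack(">H", buf[pos + 2:pos + 4])[0] if pos + 4 <= len(buf) else 0
        payload = buf[pos + 4:pos + 2 + seglen]
        if seglen < 2 or len(payload) != seglen - 2:
            raise MalformedImage("truncated segment 0x%02X" % marker)
        if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):   # SOFn
            nf = payload[5] if len(payload) > 5 else 0
            if nf < 1 or len(payload) != 6 + 3 * nf:
                raise MalformedImage("bad SOF component table")
            frame_ids = [payload[6 + 3 * i] for i in range(nf)]
        elif marker == 0xDA:                              # SOS
            ns = payload[0] if payload else 0
            if frame_ids is None or ns < 1 or ns > 4 or len(payload) != 1 + 2 * ns + 3:
                raise MalformedImage("bad SOS header, or SOS before SOF")
            ids = [payload[1 + 2 * i] for i in range(ns)]
            if ns > len(frame_ids):
                raise MalformedImage("scan has %d components, frame has %d" % (ns, len(frame_ids)))
            if len(set(ids)) != ns or any(i not in frame_ids for i in ids):
                raise MalformedImage("scan component ids %r do not map 1:1 onto the frame" % ids)
            scans.append(ids)
            pos += 2 + seglen                             # skip entropy-coded data up to the next
            while pos + 1 < len(buf) and not (            # real marker: FF xx, xx not 00 / RSTn
                    buf[pos] == 0xFF and buf[pos + 1] != 0 and not 0xD0 <= buf[pos + 1] <= 0xD7):
                pos += 1
            continue
        pos += 2 + seglen
    return {"frame_components": frame_ids, "scans": scans}

def triage(buf: bytes) -> str:
    """'ok', or 'rejected: <reason>', for a PNG or JPEG byte string."""
    try:
        if buf.startswith(PNG_SIG):
            check_png(buf)
        else:
            check_jpeg(buf)
        return "ok"
    except MalformedImage as exc:
        return "rejected: %s" % exc
```

Run it on a real file with triage(open(path, "rb").read()). On the constructed samples, build_png(b"") (zero-size PLTE) and build_jpeg([1, 2, 3], [1, 2, 3, 1]) (a 4-component scan on a 3-component frame) are rejected before any pixel data is touched, which is exactly the point at which the two decoders in items 2 and 3 carried on and crashed or read uninitialized memory.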

Original advisories

Oracle

Related products

Sun-Java-JRE

Sun-Java-JRE-1.6.x

Sun-Java-JDK-1.6.x

Oracle-Java-JRE-1.7.x

Oracle-Java-JDK-1.7.x

Oracle-Java-JDK-1.8.x-3

Oracle-Java-JRE-1.8.x

CVE list

CVE-2013-6629 critical

CVE-2014-2414 critical

CVE-2014-2402 critical

CVE-2014-0446 critical

CVE-2014-0454 critical

CVE-2014-2427 critical

CVE-2014-2422 high

CVE-2014-2409 high

CVE-2014-0460 high

CVE-2013-6954 critical

CVE-2014-2410 critical

CVE-2014-2397 critical

CVE-2014-0456 critical

CVE-2014-2421 critical

CVE-2014-0429 critical

CVE-2014-0457 critical

CVE-2014-2398 warning

CVE-2014-0453 warning

CVE-2014-2413 warning

CVE-2014-0459 warning

CVE-2014-0464 warning

CVE-2014-0463 warning

CVE-2014-2401 critical

CVE-2014-2403 critical

CVE-2014-2420 warning

CVE-2014-1876 warning

CVE-2014-0452 critical

CVE-2014-2423 critical

CVE-2014-2412 critical

CVE-2014-2428 critical

CVE-2014-0458 critical

CVE-2014-0451 critical

CVE-2014-0455 critical

CVE-2014-0432 critical

CVE-2014-0448 critical

CVE-2014-0461 critical

Solution

Update to the latest version of Java SE. The fixed releases from Oracle's April 2014 Critical Patch Update are Java SE 8 Update 5, 7 Update 55, 6 Update 75 and 5.0 Update 65; check the installed release with java -version.

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can let an attacker capture information that is critical to the user or the system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • OAF

Overwrite arbitrary files. Exploitation of vulnerabilities with this impact can lead to loss of the information contained in the overwritten files.

  • LoI

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to a partial system fault or to disruption of the connections between system components.
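Item 4 in the vulnerability list above is the OAF case on this page: unpack200 writes a log to a predictable path in a directory other local users can write to, and a local user who pre-creates that path as a symlink turns the log write into an overwrite of a file of their choosing. The script below is an added example, not Oracle's unpack200 code. It assumes a POSIX filesystem, uses the log name unpack.log as an assumption, shows the vulnerable open() pattern beside an O_CREAT|O_EXCL|O_NOFOLLOW variant, and runs both against a planted symlink in a scratch directory so the difference in outcome is visible. The names write_log_unsafely, write_log_safely and run_scenario are this example's own.

```python
import errno
import os
import shutil
import tempfile

# Added example, not Oracle's unpack200 code. Assumes a POSIX filesystem; the fixed log
# name "unpack.log" in a world-writable directory is an assumption about the original bug.
LOG_NAME = "unpack.log"

def write_log_unsafely(shared_dir: str, line: str) -> str:
    """Vulnerable pattern: a predictable path opened with plain open(), which follows a
    symlink and truncates whatever it points at. This is the shape of bug in item 4."""
    path = os.path.join(shared_dir, LOG_NAME)
    with open(path, "w") as log:
        log.write(line)
    return path

def write_log_safely(shared_dir: str, line: str) -> str:
    """Hardened: O_CREAT|O_EXCL fails on any pre-existing entry (file or symlink, dangling or
    not), O_NOFOLLOW refuses to traverse a symlink, and mode 0600 keeps the log private."""
    path = os.path.join(shared_dir, LOG_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)          # atomic create-or-fail: no check-then-open race
    with os.fdopen(fd, "w") as log:
        log.write(line)
    return path

def run_scenario(writer, attacker_plants_symlink: bool) -> dict:
    """Fresh shared directory holding a victim-owned file; optionally the attacker first
    creates <shared>/unpack.log as a symlink to that file; then the victim runs `writer`.
    Returns whether the write was refused and what the victim's file holds afterwards."""
    shared = tempfile.mkdtemp(prefix="shared-")
    target = os.path.join(shared, "victim-data")
    with open(target, "w") as f:
        f.write("original contents")
    if attacker_plants_symlink:
        os.symlink(target, os.path.join(shared, LOG_NAME))
    try:
        writer(shared, "log line written by the unpacker")
        refused = False
    except OSError as exc:
        if exc.errno not in (errno.EEXIST, errno.ELOOP):
            raise
        refused = True
    with open(target) as f:
        contents = f.read()
    shutil.rmtree(shared)
    return {"refused": refused, "victim_file": contents}

if __name__ == "__main__":
    print("open():            ", run_scenario(write_log_unsafely, attacker_plants_symlink=True))
    print("O_EXCL|O_NOFOLLOW: ", run_scenario(write_log_safely, attacker_plants_symlink=True))
    print("no attacker:       ", run_scenario(write_log_safely, attacker_plants_symlink=False))
```

With the symlink planted, write_log_unsafely replaces the victim's file contents with the log line, while write_log_safely is refused and leaves the file intact. O_EXCL alone already rejects a symlink regardless of where it points; O_NOFOLLOW is defence in depth for code paths that open without O_CREAT. Where the log name does not have to be fixed, tempfile.mkstemp gives the same O_EXCL guarantee plus an unpredictable name, and a per-user directory the attacker cannot write to removes the shared-directory problem altogether.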

Affected Products

  • Oracle Java Runtime Environment & Java Development Kit: 5.0 Update 61, 6 Update 71, 7 Update 51, 8 (and earlier updates of each release)
