Lucene search

Kaspersky LabKLA10507

HistoryJul 17, 2014 - 12:00 a.m.

KLA10507 Multiple vulnerabilities in Oracle products

2014-07-1700:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

4.9

Confidence

Low

EPSS

0.491

Percentile

97.5%

JSON

An unspecified vulnerabilities were found in Oracle products. By exploiting these vulnerabilities malicious users can affect integrity, confidentiality and availability. This vulnerability can be exploited remotely via an unknown vectors related to JavaFX, JMX, Security, Deployment, Serviceability, Swing, Libraries, Hotspot and Diffie-Hellman key agreement.

Original advisories

Oracle bulletin

Related products

Sun-Java-JRE

Sun-Java-JRE-1.6.x

Sun-Java-JDK-1.6.x

Oracle-Java-JRE-1.7.x

Oracle-Java-JDK-1.7.x

Oracle-Java-JDK-1.8.x-3

Oracle-Java-JRE-1.8.x

Oracle-JRockit

CVE list

CVE-2014-4265 critical

CVE-2014-4263 warning

CVE-2014-4252 critical

CVE-2014-4209 high

CVE-2014-4266 critical

CVE-2014-4264 critical

CVE-2014-4268 critical

CVE-2014-4219 critical

CVE-2014-4223 critical

CVE-2014-4262 critical

CVE-2014-4208 warning

CVE-2014-4216 critical

CVE-2014-4227 critical

CVE-2014-2490 critical

CVE-2014-4244 warning

CVE-2014-4218 critical

CVE-2014-4220 critical

CVE-2014-2483 critical

CVE-2014-4221 warning

CVE-2014-4247 critical

Solution

Update to the latest version

Impacts

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.