Lucene search

K

[email protected]NVD:CVE-2014-0373

HistoryJan 15, 2014 - 4:08 p.m.

CVE-2014-0373

2014-01-1516:08:06

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

4.7 Medium

AI Score

Confidence

High

0.106 Low

EPSS

Percentile

95.1%

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox.

Affected configurations

NVD

Node

oraclejreMatch1.7.0update45

Node

oraclejdkMatch1.5.0update55

OR

oraclejreMatch1.5.0update55

Node

oraclejdkMatch1.6.0update65

OR

oraclejreMatch1.6.0update65

References

hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec

lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html

lists.opensuse.org/opensuse-updates/2014-01/msg00105.html

lists.opensuse.org/opensuse-updates/2014-01/msg00107.html

lists.opensuse.org/opensuse-updates/2014-02/msg00000.html

marc.info/?l=bugtraq&m=139402697611681&w=2

marc.info/?l=bugtraq&m=139402749111889&w=2

rhn.redhat.com/errata/RHSA-2014-0026.html

rhn.redhat.com/errata/RHSA-2014-0027.html

rhn.redhat.com/errata/RHSA-2014-0030.html

rhn.redhat.com/errata/RHSA-2014-0097.html

rhn.redhat.com/errata/RHSA-2014-0134.html

rhn.redhat.com/errata/RHSA-2014-0135.html

rhn.redhat.com/errata/RHSA-2014-0136.html

secunia.com/advisories/56432

secunia.com/advisories/56485

secunia.com/advisories/56535

www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

www.securityfocus.com/bid/64758

www.securityfocus.com/bid/64922

www.securitytracker.com/id/1029608

www.ubuntu.com/usn/USN-2089-1

www.ubuntu.com/usn/USN-2124-1

access.redhat.com/errata/RHSA-2014:0414

bugzilla.redhat.com/show_bug.cgi?id=1051699

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

4.7 Medium

AI Score

Confidence

High

0.106 Low

EPSS

Percentile

95.1%

Related for NVD:CVE-2014-0373

prion1 cve1 cvelist1 ubuntucve1 veracode13 nessus37 redhat10 openvas36 oraclelinux3 amazon2 ubuntu3 centos3 mageia1 ibm8 suse5 aix1 f52 kaspersky1 securityvulns1 oracle1 gentoo1