CVE-2014-2490

2014-07-1700:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.02

Percentile

89.0%

JSON

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60
and SE 8u5 allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors related to Hotspot.

Notes

Author	Note
mdeslaur	in lucid+, NetX and the plugin moved to the icedtea-web package
jdstrand	sun-java6 is not redistributable, no longer in the archive and no longer tracked sun-java5 is EOL upstream and no longer tracked

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchopenjdk-6< 6b32-1.13.4-1ubuntu1~0.10.04.1UNKNOWN
ubuntu12.04noarchopenjdk-6< 6b32-1.13.4-1ubuntu1~0.12.04.1UNKNOWN
ubuntu14.04noarchopenjdk-6< 6b32-1.13.4-4ubuntu0.14.04.1UNKNOWN
ubuntu12.04noarchopenjdk-7< 7u65-2.5.1-4ubuntu1~0.12.04.1UNKNOWN
ubuntu14.04noarchopenjdk-7< 7u65-2.5.1-1ubuntu1~0.14.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	openjdk-6	< 6b32-1.13.4-1ubuntu1~0.10.04.1	UNKNOWN
ubuntu	12.04	noarch	openjdk-6	< 6b32-1.13.4-1ubuntu1~0.12.04.1	UNKNOWN
ubuntu	14.04	noarch	openjdk-6	< 6b32-1.13.4-4ubuntu0.14.04.1	UNKNOWN
ubuntu	12.04	noarch	openjdk-7	< 7u65-2.5.1-4ubuntu1~0.12.04.1	UNKNOWN
ubuntu	14.04	noarch	openjdk-7	< 7u65-2.5.1-1ubuntu1~0.14.04.1	UNKNOWN