7.5 - CVE-2014-2427

Executive Summary

Informations
Name	CVE-2014-2427	First vendor Publication	2014-04-15
Vendor	Cve	Last vendor Modification	2022-05-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:23968

Oval ID:	oval:org.mitre.oval:def:23968
Title:	DEPRECATED: ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0408-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	5
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el6_5

Definition Id: oval:org.mitre.oval:def:23985

Oval ID:	oval:org.mitre.oval:def:23985
Title:	ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0408-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	5
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el6_5

Definition Id: oval:org.mitre.oval:def:24276

Oval ID:	oval:org.mitre.oval:def:24276
Title:	ELSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0406-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	5
Platform(s):	Oracle Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 6.x rpm test java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.1.el6_5

Definition Id: oval:org.mitre.oval:def:24444

Oval ID:	oval:org.mitre.oval:def:24444
Title:	RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0408-00 CESA-2014:0408 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el6_5

Definition Id: oval:org.mitre.oval:def:24510

Oval ID:	oval:org.mitre.oval:def:24510
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2427	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.5.0:update_51 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24641

Oval ID:	oval:org.mitre.oval:def:24641
Title:	RHSA-2014:0407: java-1.7.0-openjdk security update (Important)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0407-00 CESA-2014:0407 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.1.el5_10

Definition Id: oval:org.mitre.oval:def:24662

Oval ID:	oval:org.mitre.oval:def:24662
Title:	ELSA-2014:0407: java-1.7.0-openjdk security update (Important)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0407-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	5
Platform(s):	Oracle Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.1.el5_10

Definition Id: oval:org.mitre.oval:def:24666

Oval ID:	oval:org.mitre.oval:def:24666
Title:	RHSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0406-00 CESA-2014:0406 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.1.el6_5

Definition Id: oval:org.mitre.oval:def:24751

Oval ID:	oval:org.mitre.oval:def:24751
Title:	DSA-2912-1 openjdk-6 - security update
Description:	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-2912-1 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0462 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2405 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7	Product(s):	openjdk-6
Definition Synopsis:
Debian 6.0 release section Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-6 DPKG is earlier than 0:6b31-1.13.3-1~deb6u1 AND Debian 7.x release section Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-6 DPKG is earlier than 0:6b31-1.13.3-1~deb7u1

Definition Id: oval:org.mitre.oval:def:24794

Oval ID:	oval:org.mitre.oval:def:24794
Title:	RHSA-2014:0509: java-1.5.0-ibm security update (Important)
Description:	IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0509-00 CVE-2013-6629 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0453 CVE-2014-0457 CVE-2014-0460 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2412 CVE-2014-2421 CVE-2014-2427	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6	Product(s):	java-1.5.0-ibm
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.5.0-ibm-accessibility is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.6-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24880

Oval ID:	oval:org.mitre.oval:def:24880
Title:	RHSA-2014:0675: java-1.7.0-openjdk security update (Critical)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0675-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	4
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
RHEL 7 The operating system installed on the system is Red Hat Enterprise Linux 7 AND Packages section java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk-headless is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.2.el7_0 OR CentOS 7 The operating system installed on the system is CentOS Linux 7.x AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.2.el7_0

Definition Id: oval:org.mitre.oval:def:24881

Oval ID:	oval:org.mitre.oval:def:24881
Title:	ELSA-2014:0509: java-1.5.0-ibm security update (Important)
Description:	IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0509-01 CVE-2013-6629 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0453 CVE-2014-0457 CVE-2014-0460 CVE-2014-0878 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2412 CVE-2014-2421 CVE-2014-2427	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.5.0-ibm
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.5.0-ibm is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-accessibility is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.5.0-ibm is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.6-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:25220

Oval ID:	oval:org.mitre.oval:def:25220
Title:	RHSA-2014:0685: java-1.6.0-openjdk security update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0685-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	4
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
RHEL 7 The operating system installed on the system is Red Hat Enterprise Linux 7 AND Packages section java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.3.el7_0 OR CentOS 7 The operating system installed on the system is CentOS Linux 7.x AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.3.el7_0

Definition Id: oval:org.mitre.oval:def:26484

Oval ID:	oval:org.mitre.oval:def:26484
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2427	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

CPE : Common Platform Enumeration

Type	Description	Count
Application	Oracle Jdk cpe:2.3:a:oracle:jdk:1.8.0:-:::::: cpe:2.3:a:oracle:jdk:1.7.0:update51:::::: cpe:2.3:a:oracle:jdk:1.6.0:update71:::::: cpe:2.3:a:oracle:jdk:1.5.0:update61::::::	4
Application	Oracle Jre cpe:2.3:a:oracle:jre:1.8.0:-:::::: cpe:2.3:a:oracle:jre:1.7.0:update51:::::: cpe:2.3:a:oracle:jre:1.6.0:update71:::::: cpe:2.3:a:oracle:jre:1.5.0:update61::::::	4
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::	5
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::* cpe:2.3:o:debian:debian_linux:6.0:::::::*	3

Information Assurance Vulnerability Management (IAVM)

Date	Description
2014-04-17	IAVM : 2014-A-0056 - Multiple Vulnerabilities in Oracle Java SE Severity : Category I - VMSKEY : V0049583

Nessus® Vulnerability Scanner

Date	Description
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0732-1.nasl - Type : ACT_GATHER_INFO
2015-02-16	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO
2014-12-16	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-773.nasl - Type : ACT_GATHER_INFO
2014-12-16	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-772.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0982.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0413.nasl - Type : ACT_GATHER_INFO
2014-09-23	Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_notes_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2014-09-23	Name : The remote host has software installed that is affected by multiple vulnerabi... File : domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2014-09-23	Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2014-09-17	Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-09-17	Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0705.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0685.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0675.nasl - Type : ACT_GATHER_INFO
2014-07-28	Name : The remote AIX host has a version of Java SDK installed that is potentially a... File : aix_java_apr2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-07-24	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0675.nasl - Type : ACT_GATHER_INFO
2014-07-24	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0685.nasl - Type : ACT_GATHER_INFO
2014-06-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-03	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140514.nasl - Type : ACT_GATHER_INFO
2014-06-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140515.nasl - Type : ACT_GATHER_INFO
2014-05-19	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-100.nasl - Type : ACT_GATHER_INFO
2014-05-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0509.nasl - Type : ACT_GATHER_INFO
2014-05-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0508.nasl - Type : ACT_GATHER_INFO
2014-05-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0486.nasl - Type : ACT_GATHER_INFO
2014-05-14	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140508.nasl - Type : ACT_GATHER_INFO
2014-05-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2923.nasl - Type : ACT_GATHER_INFO
2014-05-02	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2191-1.nasl - Type : ACT_GATHER_INFO
2014-05-01	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2187-1.nasl - Type : ACT_GATHER_INFO
2014-04-25	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2912.nasl - Type : ACT_GATHER_INFO
2014-04-23	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-327.nasl - Type : ACT_GATHER_INFO
2014-04-23	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-326.nasl - Type : ACT_GATHER_INFO
2014-04-18	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0412.nasl - Type : ACT_GATHER_INFO
2014-04-18	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0407.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0408.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0407.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0406.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0408.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0406.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0408.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0407.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0406.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_apr_2014_unix.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_apr_2014.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris9_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris10_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris10_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris10_x86_125138.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris10_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris8_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris8_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris8_x86_125138.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris8_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris9_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris9_x86_125138.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris9_x86_125139.nasl - Type : ACT_GATHER_INFO
2005-09-06	Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris8_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-09-06	Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris9_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-09-06	Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris10_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris9_118666.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris9_118667.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris8_x86_118668.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris10_118666.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris8_118667.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris8_118666.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris9_x86_118668.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris10_x86_118668.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris10_118667.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/66909
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
DEBIAN	http://www.debian.org/security/2014/dsa-2912
GENTOO	http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml
HP	http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2
REDHAT	http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html https://access.redhat.com/errata/RHSA-2014:0413 https://access.redhat.com/errata/RHSA-2014:0414
SECUNIA	http://secunia.com/advisories/58415
UBUNTU	http://www.ubuntu.com/usn/USN-2187-1 http://www.ubuntu.com/usn/USN-2191-1

Alert History

If you want to see full details history, please login or register.

Date	Informations
2022-05-13 21:27:53	Multiple Updates
2022-05-10 00:23:10	Multiple Updates
2021-05-04 12:30:55	Multiple Updates
2021-04-22 01:37:30	Multiple Updates
2020-09-08 17:22:42	Multiple Updates
2020-05-23 00:40:32	Multiple Updates
2018-01-05 09:23:22	Multiple Updates
2017-12-22 09:21:08	Multiple Updates
2017-01-07 09:25:29	Multiple Updates
2016-08-23 09:24:50	Multiple Updates
2016-04-27 00:35:00	Multiple Updates
2015-11-23 21:24:11	Multiple Updates
2015-05-21 13:31:17	Multiple Updates
2015-02-27 21:23:26	Multiple Updates
2015-02-21 09:23:17	Multiple Updates
2015-02-17 13:24:52	Multiple Updates
2014-12-17 13:25:24	Multiple Updates
2014-11-08 13:31:42	Multiple Updates
2014-10-04 13:31:32	Multiple Updates
2014-09-24 13:28:12	Multiple Updates
2014-09-18 13:27:20	Multiple Updates
2014-07-31 13:25:17	Multiple Updates
2014-07-29 13:25:41	Multiple Updates
2014-07-01 13:25:28	Multiple Updates
2014-07-01 05:24:37	Multiple Updates
2014-06-26 09:24:42	Multiple Updates
2014-06-11 05:24:56	Multiple Updates
2014-06-05 09:21:36	Multiple Updates
2014-06-04 13:23:57	Multiple Updates
2014-06-02 13:24:09	Multiple Updates
2014-05-20 13:23:26	Multiple Updates
2014-05-17 13:23:44	Multiple Updates
2014-05-16 21:25:00	Multiple Updates
2014-05-16 09:22:38	Multiple Updates
2014-05-15 13:24:14	Multiple Updates
2014-05-10 13:25:54	Multiple Updates
2014-05-07 13:26:16	Multiple Updates
2014-05-03 13:22:45	Multiple Updates
2014-05-02 13:24:11	Multiple Updates
2014-04-26 13:21:59	Multiple Updates
2014-04-24 13:21:55	Multiple Updates
2014-04-19 13:23:01	Multiple Updates
2014-04-18 21:24:35	Multiple Updates
2014-04-18 13:25:57	Multiple Updates
2014-04-17 13:25:48	Multiple Updates
2014-04-16 21:22:36	Multiple Updates
2014-04-16 13:24:28	First insertion

Global Informations

Type	Count
Oval ID(s)	14
CPE ID(s)	16
Sources(s)	15
IAVM(s)	1
Nessus® Exploit(s)	71

	Related
10	USN-2191-1
10	USN-2187-1
10	RHSA-2014:0685
10	RHSA-2014:0675
10	RHSA-2014:0509
10	RHSA-2014:0508
10	RHSA-2014:0486
10	RHSA-2014:0414
10	RHSA-2014:0413
10	RHSA-2014:0412
10	RHSA-2014:0408
10	RHSA-2014:0407
10	RHSA-2014:0406
10	MDVSA-2014:100
10	HPSBUX03092 SSR...
10	HPSBUX03091 SSR...
10	GLSA-201502-12
10	GLSA-201406-32
10	DSA-2923
10	DSA-2912
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 20 more Alert(s)

7.5 - CVE-2014-2427

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU