Executive Summary

Information
Name: CVE-2014-6562
Vendor: Cve
First vendor publication: 2014-10-15
Last vendor modification: 2020-09-08

Security-Database Scoring CVSS v3

CVSS vector: N/A (no CVSS v3 vector is assigned to this entry)
Overall CVSS score: N/A
Base score: N/A   Environmental score: N/A
Impact subscore: N/A   Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS base score: 9.3
CVSS impact subscore: 10.0
CVSS exploitability subscore: 8.6
Attack range: Network
Attack complexity: Medium
Authentication: None required

Detail

Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6562

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:26947
Title: RHSA-2014:1636: java-1.8.0-openjdk security update (Important)
Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-6562)

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform an XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517)

It was discovered that the Hotspot component in OpenJDK failed to properly handle malformed Shared Archive files. A local attacker able to modify a Shared Archive file used by a virtual machine of a different user could possibly use this flaw to escalate their privileges. (CVE-2014-6468)

It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558)

CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
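The RHSA text above describes CVE-2014-6562 only as the Libraries component mishandling ZIP entries whose file names contain a NUL byte. The Python script below is an added example, not code from this page, from OpenJDK or from Red Hat, and it does not reproduce the Java bug: it hand-builds a small archive containing such an entry (the archive, its names and contents are constructed here), lists entry names exactly as stored in the central directory, flags any name containing NUL, and shows that the standard-library zipfile module reports a different, truncated name for the same entry. That disagreement between two readers of one archive is the generic reason NUL bytes in ZIP names are a triage signal.

```python
"""Added example: detecting ZIP entries whose stored name contains a NUL byte,
and showing that two readers of the same archive disagree about that name.
The sample archive is constructed in this script; nothing is read from disk."""
import io
import struct
import zipfile
import zlib

LOCAL_SIG = 0x04034B50    # local file header signature ("PK\x03\x04")
CENTRAL_SIG = 0x02014B50  # central directory header signature ("PK\x01\x02")
EOCD_SIG = 0x06054B50     # end of central directory signature ("PK\x05\x06")


def build_zip(entries):
    """Write a minimal ZIP from (raw_name_bytes, data_bytes) pairs, every entry stored.

    Written by hand because zipfile.ZipInfo cuts a name at its first NUL byte,
    so the stdlib writer cannot produce the kind of entry this advisory concerns."""
    out = io.BytesIO()
    central = []
    for name, data in entries:
        offset = out.tell()
        crc = zlib.crc32(data) & 0xFFFFFFFF
        # sig, version needed, flags, method, time, date, crc, csize, usize, name len, extra len
        out.write(struct.pack("<IHHHHHIIIHH", LOCAL_SIG, 20, 0, 0, 0, 0,
                              crc, len(data), len(data), len(name), 0))
        out.write(name)
        out.write(data)
        # sig, made by, needed, flags, method, time, date, crc, csize, usize,
        # name len, extra len, comment len, disk, internal attrs, external attrs, local offset
        central.append(struct.pack("<IHHHHHHIIIHHHHHII", CENTRAL_SIG, 20, 20, 0, 0, 0, 0,
                                   crc, len(data), len(data), len(name), 0, 0, 0, 0, 0, offset)
                       + name)
    cd_offset = out.tell()
    cd = b"".join(central)
    out.write(cd)
    # sig, this disk, cd disk, entries on disk, total entries, cd size, cd offset, comment len
    out.write(struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, len(entries), len(entries),
                          len(cd), cd_offset, 0))
    return out.getvalue()


def raw_entry_names(blob):
    """Walk the central directory by hand and return every entry name as raw bytes."""
    eocd = blob.rfind(struct.pack("<I", EOCD_SIG))  # last occurrence; assumes no archive comment
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    fields = struct.unpack("<IHHHHIIH", blob[eocd:eocd + 22])
    count, cd_offset = fields[4], fields[6]
    names = []
    pos = cd_offset
    for _ in range(count):
        hdr = struct.unpack("<IHHHHHHIIIHHHHHII", blob[pos:pos + 46])
        if hdr[0] != CENTRAL_SIG:
            raise ValueError("bad central directory signature at offset %d" % pos)
        name_len, extra_len, comment_len = hdr[10], hdr[11], hdr[12]
        names.append(blob[pos + 46:pos + 46 + name_len])
        pos += 46 + name_len + extra_len + comment_len
    return names


def nul_name_entries(blob):
    """Stored names that contain a NUL byte: the entries a triage scan should reject."""
    return [n for n in raw_entry_names(blob) if b"\x00" in n]


def zipfile_view(blob):
    """The same archive as seen through zipfile, whose ZipInfo cuts each name at its first NUL."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


# Constructed sample: one ordinary entry and one whose name hides a second name behind a NUL.
SAMPLE = build_zip([
    (b"README.txt", b"hello\n"),
    (b"good.txt\x00other.bin", b"placeholder contents\n"),
])

if __name__ == "__main__":
    print("raw names    :", raw_entry_names(SAMPLE))
    print("zipfile names:", zipfile_view(SAMPLE))
    print("flagged      :", nul_name_entries(SAMPLE))
```

Run as a script it prints the stored name with the embedded NUL, the truncated name zipfile reports, and the flagged entry. A consumer that truncates at NUL and one that does not will attribute the same bytes to different file names, so archives destined for a trust boundary (JARs, plugin bundles, uploads) should reject names containing NUL outright rather than normalise them.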
Family: unix Class: patch
Reference(s): RHSA-2014:1636-00
CVE-2014-6457
CVE-2014-6468
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
CVE-2014-6562
CESA-2014:1636
Version: 5
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.8.0-openjdk

Oval ID: oval:org.mitre.oval:def:27224
Title: ELSA-2014-1636 -- java-1.8.0-openjdk security update (important)
Description: [1:1.8.0.25-1.b17] - Update to October CPU patch update. - Resolves: RHBZ#1148896
Family: unix Class: patch
Reference(s): ELSA-2014-1636
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
CVE-2014-6468
CVE-2014-6562
Version: 3
Platform(s): Oracle Linux 6
Product(s): java-1.8.0-openjdk

Oval ID: oval:org.mitre.oval:def:27962
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6562
Version: 4
Platform(s): HP-UX 11
Product(s):

Oval ID: oval:org.mitre.oval:def:28277
Title: SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK (moderate)
Description: Oracle Critical Patch Update Advisory - October 2014. A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1392-1
CVE-2014-4288
CVE-2014-6456
CVE-2014-6457
CVE-2014-6458
CVE-2014-6466
CVE-2014-6468
CVE-2014-6476
CVE-2014-6485
CVE-2014-6492
CVE-2014-6493
CVE-2014-6502
CVE-2014-6503
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6513
CVE-2014-6515
CVE-2014-6517
CVE-2014-6519
CVE-2014-6527
CVE-2014-6531
CVE-2014-6532
CVE-2014-6558
CVE-2014-6562
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): Java OpenJDK

CPE : Common Platform Enumeration

Type         Description   Count
Application                1
Application                1

Nessus® Vulnerability Scanner

Date Description
2015-02-16 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-openjdk-141024.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141015_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-432.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_oct_2014_unix.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/70523
CONFIRM http://linux.oracle.com/errata/ELSA-2014-1636
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
GENTOO http://security.gentoo.org/glsa/glsa-201502-12.xml
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1636.html
SECUNIA http://secunia.com/advisories/60416
http://secunia.com/advisories/61609
http://secunia.com/advisories/61928

Alert History

Date                 Information
2021-05-04 12:33:05
  • Multiple Updates
2021-04-22 01:40:31
  • Multiple Updates
2020-09-08 17:22:43
  • Multiple Updates
2020-05-23 00:42:08
  • Multiple Updates
2016-04-27 01:11:21
  • Multiple Updates
2015-02-21 09:24:05
  • Multiple Updates
2015-02-17 13:25:02
  • Multiple Updates
2014-11-13 13:27:15
  • Multiple Updates
2014-11-05 13:28:04
  • Multiple Updates
2014-10-31 13:25:54
  • Multiple Updates
2014-10-24 13:27:54
  • Multiple Updates
2014-10-24 13:25:37
  • Multiple Updates
2014-10-20 13:24:59
  • Multiple Updates
2014-10-20 09:24:29
  • Multiple Updates
2014-10-16 13:25:45
  • Multiple Updates
2014-10-16 05:27:37
  • First insertion