Executive Summary

Summary
Title: OpenJDK 7 regression
Information
Name: USN-2319-2
First vendor Publication: 2014-08-26
Vendor: Ubuntu
Last vendor Modification: 2014-08-26
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

USN-2319-1 introduced a regression in OpenJDK 7.

Software Description:

- openjdk-7: Open Source Java implementation

Details:

USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verification of the init method call would fail when the call was made from inside a branch while stack frames are activated. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219,
CVE-2014-4223, CVE-2014-4262)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244,
CVE-2014-4263)

Two vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2014-4218, CVE-2014-4266)

A vulnerability was discovered in the OpenJDK JRE related to availability.
An attacker could exploit this to cause a denial of service.
(CVE-2014-4264)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2014-4221, CVE-2014-4252, CVE-2014-4268)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
icedtea-7-jre-jamvm 7u65-2.5.1-4ubuntu1~0.14.04.2
openjdk-7-jre 7u65-2.5.1-4ubuntu1~0.14.04.2
openjdk-7-jre-headless 7u65-2.5.1-4ubuntu1~0.14.04.2
openjdk-7-jre-lib 7u65-2.5.1-4ubuntu1~0.14.04.2
openjdk-7-jre-zero 7u65-2.5.1-4ubuntu1~0.14.04.2

After a standard system update you need to restart any Java applications to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2319-2
http://www.ubuntu.com/usn/usn-2319-1
https://launchpad.net/bugs/1360392

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u65-2.5.1-4ubuntu1~0.14.04.2

Original Source

Url : http://www.ubuntu.com/usn/USN-2319-2

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:24440
Title: RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. 
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0889-00
CESA-2014:0889
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
Product(s): java-1.7.0-openjdk
 
Oval ID: oval:org.mitre.oval:def:24614
Title: DEPRECATED: RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. 
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0889-00
CESA-2014:0889
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
Product(s): java-1.7.0-openjdk
 
Oval ID: oval:org.mitre.oval:def:24694
Title: DSA-2980-1 -- openjdk-6 - security update
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-2980-1
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
CVE-2014-4268
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): openjdk-6
 
Oval ID: oval:org.mitre.oval:def:24806
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4262)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4262
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:24827
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4268)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4268
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:24828
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4218)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4218
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:24873
Title: Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-4223)
Description: Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4223
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:24964
Title: DEPRECATED: RHSA-2014:0890: java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0890-00
CESA-2014:0890
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.7.0-openjdk
 
Oval ID: oval:org.mitre.oval:def:24985
Title: Unspecified vulnerability in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-2483)
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."
Family: windows Class: vulnerability
Reference(s): CVE-2014-2483
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25066
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4263)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."
Family: windows Class: vulnerability
Reference(s): CVE-2014-4263
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25092
Title: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4219)
Description: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4219
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25136
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity (CVE-2014-4209)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4209
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25154
Title: Unspecified vulnerability in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2490
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25160
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4216)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4216
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25202
Title: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4266)
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4266
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25216
Title: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability (CVE-2014-4264)
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4264
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25224
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4244)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4244
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25249
Title: RHSA-2014:0890: java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0890-00
CESA-2014:0890
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.7.0-openjdk
 
Oval ID: oval:org.mitre.oval:def:25273
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4252)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4252
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25281
Title: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4221)
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4221
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
 
Oval ID: oval:org.mitre.oval:def:25312
Title: RHSA-2014:0902: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262, CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265, CVE-2014-4220, CVE-2014-4208, CVE-2014-4264) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 65 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0902-00
CVE-2014-2483
CVE-2014-2490
CVE-2014-4208
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4220
CVE-2014-4221
CVE-2014-4223
CVE-2014-4227
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4264
CVE-2014-4265
CVE-2014-4266
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.7.0-oracle
 
Oval ID: oval:org.mitre.oval:def:25358
Title: RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. 
This update also fixes the following bug: * Prior to this update, an application accessing an unsynchronized HashMap could potentially enter an infinite loop and consume an excessive amount of CPU resources. This update resolves this issue. (BZ#1115580) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0907-00
CESA-2014:0907
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 5
CentOS Linux 6
CentOS Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25648
 
Oval ID: oval:org.mitre.oval:def:25648
Title: DSA-2987-1 -- openjdk-7 - security update
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-2987-1
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4264
CVE-2014-4266
CVE-2014-4268
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25679
 
Oval ID: oval:org.mitre.oval:def:25679
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4209
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25891
 
Oval ID: oval:org.mitre.oval:def:25891
Title: USN-2312-1 -- openjdk-6 vulnerabilities
Description: Several security issues were fixed in OpenJDK 6.
Family: unix Class: patch
Reference(s): USN-2312-1
CVE-2014-2490
CVE-2014-4216
CVE-2014-4219
CVE-2014-4262
CVE-2014-4209
CVE-2014-4244
CVE-2014-4263
CVE-2014-4218
CVE-2014-4266
CVE-2014-4252
CVE-2014-4268
Version: 3
Platform(s): Ubuntu 12.04
Ubuntu 10.04
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25998
 
Oval ID: oval:org.mitre.oval:def:25998
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4219
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26042
 
Oval ID: oval:org.mitre.oval:def:26042
Title: RHSA-2014:1041: java-1.7.0-ibm security update (Critical)
Description: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4208, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4266) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1041-00
CVE-2014-4208
CVE-2014-4209
CVE-2014-4218
CVE-2014-4219
CVE-2014-4220
CVE-2014-4221
CVE-2014-4227
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4265
CVE-2014-4266
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26067
 
Oval ID: oval:org.mitre.oval:def:26067
Title: USN-2319-3 -- openjdk-7 update
Description: This update provides stability updates for OpenJDK 7.
Family: unix Class: patch
Reference(s): USN-2319-3
CVE-2014-2483
CVE-2014-2490
CVE-2014-4216
CVE-2014-4219
CVE-2014-4223
CVE-2014-4262
CVE-2014-4209
CVE-2014-4244
CVE-2014-4263
CVE-2014-4218
CVE-2014-4266
CVE-2014-4264
CVE-2014-4221
CVE-2014-4252
CVE-2014-4268
Version: 3
Platform(s): Ubuntu 14.04
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26076
 
Oval ID: oval:org.mitre.oval:def:26076
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4264
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26101
 
Oval ID: oval:org.mitre.oval:def:26101
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4218
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26198
 
Oval ID: oval:org.mitre.oval:def:26198
Title: USN-2319-2 -- openjdk-7 regression
Description: USN-2319-1 introduced a regression in OpenJDK 7.
Family: unix Class: patch
Reference(s): USN-2319-2
CVE-2014-2483
CVE-2014-2490
CVE-2014-4216
CVE-2014-4219
CVE-2014-4223
CVE-2014-4262
CVE-2014-4209
CVE-2014-4244
CVE-2014-4263
CVE-2014-4218
CVE-2014-4266
CVE-2014-4264
CVE-2014-4221
CVE-2014-4252
CVE-2014-4268
Version: 3
Platform(s): Ubuntu 14.04
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26370
 
Oval ID: oval:org.mitre.oval:def:26370
Title: RHSA-2014:1036: java-1.5.0-ibm security update (Important)
Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP7 release. All running instances of IBM Java must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1036-00
CVE-2014-4209
CVE-2014-4218
CVE-2014-4219
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26379
 
Oval ID: oval:org.mitre.oval:def:26379
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4262
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26497
 
Oval ID: oval:org.mitre.oval:def:26497
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4216
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26513
 
Oval ID: oval:org.mitre.oval:def:26513
Title: USN-2319-1 -- openjdk-7 vulnerabilities
Description: Several security issues were fixed in OpenJDK 7.
Family: unix Class: patch
Reference(s): USN-2319-1
CVE-2014-2483
CVE-2014-2490
CVE-2014-4216
CVE-2014-4219
CVE-2014-4223
CVE-2014-4262
CVE-2014-4209
CVE-2014-4244
CVE-2014-4263
CVE-2014-4218
CVE-2014-4266
CVE-2014-4264
CVE-2014-4221
CVE-2014-4252
CVE-2014-4268
Version: 3
Platform(s): Ubuntu 14.04
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26545
 
Oval ID: oval:org.mitre.oval:def:26545
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4221
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26557
 
Oval ID: oval:org.mitre.oval:def:26557
Title: SUSE-SU-2014:1055-1 -- Security update for IBM Java
Description: java-1_6_0-ibm has been updated to fix several security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1055-1
CVE-2014-4227
CVE-2014-4262
CVE-2014-4219
CVE-2014-4209
CVE-2014-4268
CVE-2014-4218
CVE-2014-4252
CVE-2014-4265
CVE-2014-4263
CVE-2014-4244
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): IBM Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26588
 
Oval ID: oval:org.mitre.oval:def:26588
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4268
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26592
 
Oval ID: oval:org.mitre.oval:def:26592
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4252
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26655
 
Oval ID: oval:org.mitre.oval:def:26655
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."
Family: unix Class: vulnerability
Reference(s): CVE-2014-4263
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26670
 
Oval ID: oval:org.mitre.oval:def:26670
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."
Family: unix Class: vulnerability
Reference(s): CVE-2014-2483
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26676
 
Oval ID: oval:org.mitre.oval:def:26676
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4244
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26717
 
Oval ID: oval:org.mitre.oval:def:26717
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4266
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26720
 
Oval ID: oval:org.mitre.oval:def:26720
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4223
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26723
 
Oval ID: oval:org.mitre.oval:def:26723
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2490
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26967
 
Oval ID: oval:org.mitre.oval:def:26967
Title: DEPRECATED: SUSE-SU-2014:1055-1 -- Security update for IBM Java
Description: java-1_6_0-ibm has been updated to fix several security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1055-1
CVE-2014-4227
CVE-2014-4262
CVE-2014-4219
CVE-2014-4209
CVE-2014-4268
CVE-2014-4218
CVE-2014-4252
CVE-2014-4265
CVE-2014-4263
CVE-2014-4244
Version: 4
Platform(s): SUSE Linux Enterprise Server 11
Product(s): IBM Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26995
 
Oval ID: oval:org.mitre.oval:def:26995
Title: ELSA-2014-0890 -- java-1.7.0-openjdk security update (important)
Description: [1.7.0.65-2.5.1.2.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.65-2.5.1.2] - added and applied fix for smartcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115872 [1.7.0.65-2.5.1.1.el5] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115872 [1.7.0.60-2.5.0.1.el5] - update to icedtea7-forest 2.5.0 (rh1114937) - Resolves: rhbz#1115872
Family: unix Class: patch
Reference(s): ELSA-2014-0890
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 5
Platform(s): Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27141
 
Oval ID: oval:org.mitre.oval:def:27141
Title: ELSA-2014-0889 -- java-1.7.0-openjdk security update (critical)
Description: [1.7.0.65-2.5.1.2.0.1.el6_5] - Update DISTRO_NAME in specfile [1.7.0.65-2.5.1.2] - added and applied fix for smartcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115874 [1.7.0.65-2.5.1.1.el6] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115874 [1.7.0.60-2.5.0.1.el6] - update to icedtea7-forest 2.5.0 - Resolves: rhbz#1115874
Family: unix Class: patch
Reference(s): ELSA-2014-0889
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 7
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27342
 
Oval ID: oval:org.mitre.oval:def:27342
Title: ELSA-2014-0907 -- java-1.6.0-openjdk security and bug fix update (important)
Description: [1:1.6.0.1-6.1.13.4] - moved to icedteaver 1.13.4 - moved to openjdkver b32 and openjdkdate 15_jul_2014 - added upstreamed patch patch9 rh1115580-unsyncHashMap.patch - Resolves: rhbz#1115580 - Resolves: rhbz#1115867
Family: unix Class: patch
Reference(s): ELSA-2014-0907
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Oracle Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28409
 
Oval ID: oval:org.mitre.oval:def:28409
Title: DSA-2987-2 -- openjdk-7 regression update
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-2987-2
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4264
CVE-2014-4266
CVE-2014-4268
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): openjdk-7
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 4
Application 4
Application 2
Application 1
Os 1
Os 2
Os 3

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-01-22 IAVM : 2015-B-0007 - Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa...
Severity : Category I - VMSKEY : V0058213
2014-07-17 IAVM : 2014-A-0105 - Multiple Vulnerabilities in Oracle Java
Severity : Category I - VMSKEY : V0053191

Snort® IPS/IDS

Date Description
2019-07-23 Oracle Java AtomicReferenceFieldUpdater remote code execution attempt
RuleID : 50460 - Revision : 1 - Type : FILE-JAVA
2019-07-23 Oracle Java AtomicReferenceFieldUpdater remote code execution attempt
RuleID : 50459 - Revision : 1 - Type : FILE-JAVA
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37805 - Revision : 3 - Type : FILE-JAVA
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37804 - Revision : 4 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

Date Description
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-96.nasl - Type : ACT_GATHER_INFO
2015-03-12 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : ibm_rational_clearquest_8_0_1_6.nasl - Type : ACT_GATHER_INFO
2015-02-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO
2015-02-16 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO
2014-12-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-773.nasl - Type : ACT_GATHER_INFO
2014-12-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-772.nasl - Type : ACT_GATHER_INFO
2014-12-12 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-12-12 Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0908.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0902.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-387.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-383.nasl - Type : ACT_GATHER_INFO
2014-09-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2319-3.nasl - Type : ACT_GATHER_INFO
2014-08-29 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_5_3.nasl - Type : ACT_GATHER_INFO
2014-08-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2319-2.nasl - Type : ACT_GATHER_INFO
2014-08-22 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-140815.nasl - Type : ACT_GATHER_INFO
2014-08-22 Name : The remote AIX host has a version of Java SDK installed that is affected by m...
File : aix_java_jul2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2319-1.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-140815.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : A web application on the remote host is affected by multiple vulnerabilities.
File : puppet_enterprise_331.nasl - Type : ACT_GATHER_INFO
2014-08-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2312-1.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1042.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1041.nasl - Type : ACT_GATHER_INFO
2014-08-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1036.nasl - Type : ACT_GATHER_INFO
2014-08-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1033.nasl - Type : ACT_GATHER_INFO
2014-08-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-openjdk-140721.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-141.nasl - Type : ACT_GATHER_INFO
2014-07-29 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_jrockit_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO
2014-07-26 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2987.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2980.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0907.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0907.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0907.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140721_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140716_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140716_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0890.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0889.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0890.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0889.nasl - Type : ACT_GATHER_INFO
2014-07-16 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO
2014-07-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0890.nasl - Type : ACT_GATHER_INFO
2014-07-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0889.nasl - Type : ACT_GATHER_INFO
2014-07-16 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_jul_2014_unix.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-08-27 13:24:37
  • Multiple Updates
2014-08-26 05:22:45
  • First insertion