5.8 - CVE-2014-0878

Executive Summary

Informations
Name	CVE-2014-0878	First vendor Publication	2014-05-26
Vendor	Cve	Last vendor Modification	2017-08-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score	5.8	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0878

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-310	Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25167

Oval ID:	oval:org.mitre.oval:def:25167
Title:	SUSE-SU-2014:0733-1 -- Security update for IBM Java 7
Description:	IBM Java 7 was updated to version SR7, which received security and bug fixes.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0733-1 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 CVE-2014-0455 CVE-2014-0428 CVE-2014-0453 CVE-2014-0454 CVE-2014-0878	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	IBM Java 7
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_7_0-ibm RPM is earlier than 0:1.7.0_sr7.0-0.5.1 AND java-1_7_0-ibm-devel RPM is earlier than 0:1.7.0_sr7.0-0.5.1 AND java-1_7_0-ibm-jdbc RPM is earlier than 0:1.7.0_sr7.0-0.5.1 AND java-1_7_0-ibm-alsa RPM is earlier than 0:1.7.0_sr7.0-0.5.1 AND java-1_7_0-ibm-plugin RPM is earlier than 0:1.7.0_sr7.0-0.5.1

Definition Id: oval:org.mitre.oval:def:25310

Oval ID:	oval:org.mitre.oval:def:25310
Title:	SUSE-SU-2014:0733-2 -- Security update for IBM Java 7
Description:	IBM Java 7 was updated to version SR7, which received security and bug fixes.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0733-2 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 CVE-2014-0455 CVE-2014-0428 CVE-2014-0453 CVE-2014-0454 CVE-2014-0878	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	IBM Java 7
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_7_0-ibm RPM is earlier than 0:1.7.0_sr7.0-0.5.1 AND java-1_7_0-ibm-jdbc RPM is earlier than 0:1.7.0_sr7.0-0.5.1 AND java-1_7_0-ibm-alsa RPM is earlier than 0:1.7.0_sr7.0-0.5.1 AND java-1_7_0-ibm-plugin RPM is earlier than 0:1.7.0_sr7.0-0.5.1

Definition Id: oval:org.mitre.oval:def:25385

Oval ID:	oval:org.mitre.oval:def:25385
Title:	SUSE-SU-2014:0728-2 -- Security update for IBM Java 6
Description:	IBM Java 6 was updated to version 6 SR16 to fix several security issues and various other bugs.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0728-2 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 CVE-2014-0428 CVE-2014-0453 CVE-2014-0878	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10	Product(s):	IBM Java 6
Definition Synopsis:
SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr16.0-0.3.1 AND java-1_6_0-ibm-devel RPM is earlier than 0:1.6.0_sr16.0-0.3.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr16.0-0.3.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr16.0-0.3.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr16.0-0.3.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr16.0-0.3.1 AND SUSE Linux Enterprise Server 10 release section SUSE Linux Enterprise Server 10 is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr16.0-0.8.1 AND java-1_6_0-ibm-devel RPM is earlier than 0:1.6.0_sr16.0-0.8.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr16.0-0.8.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr16.0-0.8.1 AND java-1_6_0-ibm-32bit RPM is earlier than 0:1.6.0_sr16.0-0.8.1 AND java-1_6_0-ibm-devel-32bit RPM is earlier than 0:1.6.0_sr16.0-0.8.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr16.0-0.8.1 AND java-1_6_0-ibm-alsa-32bit RPM is earlier than 0:1.6.0_sr16.0-0.8.1 AND java-1_6_0-ibm-plugin-32bit RPM is earlier than 0:1.6.0_sr16.0-0.8.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr16.0-0.8.1 AND java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr16.0-0.5.1 AND java-1_6_0-ibm-devel RPM is earlier than 0:1.6.0_sr16.0-0.5.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr16.0-0.5.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr16.0-0.5.1 AND java-1_6_0-ibm-32bit RPM is earlier than 0:1.6.0_sr16.0-0.5.1 AND java-1_6_0-ibm-devel-32bit RPM is earlier than 0:1.6.0_sr16.0-0.5.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr16.0-0.5.1 AND java-1_6_0-ibm-alsa-32bit RPM is earlier than 0:1.6.0_sr16.0-0.5.1 AND java-1_6_0-ibm-plugin-32bit RPM is earlier than 0:1.6.0_sr16.0-0.5.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr16.0-0.5.1

Definition Id: oval:org.mitre.oval:def:25410

Oval ID:	oval:org.mitre.oval:def:25410
Title:	SUSE-SU-2014:0732-1 -- Security update for IBM Java 5
Description:	IBM Java 5 was updated to SR 16 FP 6 to fix several bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0732-1 CVE-2013-6629 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0457 CVE-2014-0460 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2412 CVE-2014-2421 CVE-2014-2427 CVE-2014-0453 CVE-2014-0878	Version:	3
Platform(s):	SUSE Linux Enterprise Server 10	Product(s):	IBM Java 5
Definition Synopsis:
SUSE Linux Enterprise Server 10 is installed Packages match section java-1_5_0-ibm RPM is earlier than 0:1.5.0_sr16.6-0.5.1 AND java-1_5_0-ibm-devel RPM is earlier than 0:1.5.0_sr16.6-0.5.1 AND java-1_5_0-ibm-fonts RPM is earlier than 0:1.5.0_sr16.6-0.5.1 AND java-1_5_0-ibm-32bit RPM is earlier than 0:1.5.0_sr16.6-0.5.1 AND java-1_5_0-ibm-devel-32bit RPM is earlier than 0:1.5.0_sr16.6-0.5.1 AND java-1_5_0-ibm-alsa-32bit RPM is earlier than 0:1.5.0_sr16.6-0.5.1 AND java-1_5_0-ibm-alsa RPM is earlier than 0:1.5.0_sr16.6-0.5.1 AND java-1_5_0-ibm-jdbc RPM is earlier than 0:1.5.0_sr16.6-0.5.1 AND java-1_5_0-ibm-plugin RPM is earlier than 0:1.5.0_sr16.6-0.5.1

Definition Id: oval:org.mitre.oval:def:25419

Oval ID:	oval:org.mitre.oval:def:25419
Title:	SUSE-SU-2014:0728-3 -- Security update for IBM Java 6
Description:	BM Java 6 was updated to version 6 SR16 to fix several security issues and various other bugs.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0728-3 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 CVE-2014-0428 CVE-2014-0453 CVE-2014-0878	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	IBM Java 6
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr16.0-0.3.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr16.0-0.3.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr16.0-0.3.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr16.0-0.3.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr16.0-0.3.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Ibm Java Sdk cpe:2.3:a:ibm:java_sdk:7.1.0.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.6.1::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.6.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.5.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.4.2::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.4.1::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.4.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.3.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.2.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.1.0::::technology::: cpe:2.3:a:ibm:java_sdk:7.0.0.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.9.2::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.9.1::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.9.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.8.1::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.8.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.7.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.6.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.5.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.4.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.3.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.2.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.15.1::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.15.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.14.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.13.2::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.13.1::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.13.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.12.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.11.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.10.1::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.10.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.1.0::::technology::: cpe:2.3:a:ibm:java_sdk:6.0.0.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.5::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.4::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.3::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.2::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.1::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.16.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.15.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.14.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.13.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.5::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.4::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.3::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.2::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.1::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.12.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.11.2::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.11.1::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.11.0::::technology::: cpe:2.3:a:ibm:java_sdk:5.0.0.0::::technology:::	53

Nessus® Vulnerability Scanner

Date	Description
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0732-1.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0982.nasl - Type : ACT_GATHER_INFO
2014-08-04	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_0_0_9.nasl - Type : ACT_GATHER_INFO
2014-08-01	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_33.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0705.nasl - Type : ACT_GATHER_INFO
2014-07-28	Name : The remote AIX host has a version of Java SDK installed that is potentially a... File : aix_java_apr2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-06-03	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140514.nasl - Type : ACT_GATHER_INFO
2014-06-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140515.nasl - Type : ACT_GATHER_INFO
2014-05-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0508.nasl - Type : ACT_GATHER_INFO
2014-05-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0509.nasl - Type : ACT_GATHER_INFO
2014-05-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0486.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/67601
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg21672043 http://www-01.ibm.com/support/docview.wss?uid=swg21673836 http://www-01.ibm.com/support/docview.wss?uid=swg21674539 http://www-01.ibm.com/support/docview.wss?uid=swg21676672 http://www-01.ibm.com/support/docview.wss?uid=swg21676703 http://www-01.ibm.com/support/docview.wss?uid=swg21676746 http://www-01.ibm.com/support/docview.wss?uid=swg21679610 http://www-01.ibm.com/support/docview.wss?uid=swg21679713 http://www-01.ibm.com/support/docview.wss?uid=swg21680750 http://www-01.ibm.com/support/docview.wss?uid=swg21681256 http://www-01.ibm.com/support/docview.wss?uid=swg21683484 http://www-01.ibm.com/support/docview.wss?uid=swg21686717 http://www-01.ibm.com/support/docview.wss?uid=swg21689593 http://www.ibm.com/support/docview.wss?uid=swg21675343 http://www.ibm.com/support/docview.wss?uid=swg21675588 http://www.ibm.com/support/docview.wss?uid=swg21677387
SECUNIA	http://secunia.com/advisories/59022 http://secunia.com/advisories/59023 http://secunia.com/advisories/59058 http://secunia.com/advisories/61264
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/91084

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:29:45	Multiple Updates
2021-04-22 01:35:57	Multiple Updates
2020-05-23 00:39:42	Multiple Updates
2017-08-29 09:24:26	Multiple Updates
2017-01-07 09:25:20	Multiple Updates
2016-04-28 13:28:16	Multiple Updates
2016-04-27 00:10:22	Multiple Updates
2016-04-26 13:27:45	Multiple Updates
2015-05-21 13:31:09	Multiple Updates
2015-01-03 09:23:35	Multiple Updates
2014-12-24 09:23:22	Multiple Updates
2014-11-19 09:23:05	Multiple Updates
2014-11-08 13:31:38	Multiple Updates
2014-09-04 13:25:22	Multiple Updates
2014-08-05 13:25:50	Multiple Updates
2014-08-02 13:24:17	Multiple Updates
2014-07-31 13:25:12	Multiple Updates
2014-07-29 13:25:38	Multiple Updates
2014-07-17 09:22:29	Multiple Updates
2014-06-21 09:25:16	Multiple Updates
2014-06-04 13:23:55	Multiple Updates
2014-06-02 13:24:07	Multiple Updates
2014-05-28 00:20:34	Multiple Updates
2014-05-27 00:20:26	First insertion

5.8 - CVE-2014-0878

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU