Executive Summary

Informations
Name CVE-2014-6558 First vendor Publication 2014-10-15
Vendor Cve Last vendor Modification 2017-01-03

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26179
 
Oval ID: oval:org.mitre.oval:def:26179
Title: ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update
Description: [1:1.6.0.33-1.13.5.0] - Update to IcedTea 1.13.5 - Remove upstreamed patches. - Regenerate add-final-location-rpaths patch against new release. - Change versioning to match java-1.7.0-openjdk so revisions work. - Use xz for tarballs to reduce file size. - No need to explicitly disable system LCMS any more (bug fixed upstream). - Add icedteasnapshot to setup lines so they work with pre-release tarballs. - Resolves: rhbz#1148901
Family: unix Class: patch
Reference(s): ELSA-2014-1634
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Oracle Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26716
 
Oval ID: oval:org.mitre.oval:def:26716
Title: ELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix update
Description: [1:1.7.0.65-2.5.3.1.0.1.el7_0] - Update DISTRO_NAME in specfile [1:1.7.0.65-2.5.3.1] - Bump to 2.5.3 for latest security fixes. - Remove obsolete patches. - Add hsbootstrap option to pre-build HotSpot when required. - Resolves: rhbz#1148893
Family: unix Class: patch
Reference(s): ELSA-2014-1620
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 7
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26796
 
Oval ID: oval:org.mitre.oval:def:26796
Title: ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update
Description: [1:1.7.0.71-2.5.3.1.0.1.el5_11] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1:1.7.0.71-2.5.3.1] - Bump to 2.5.3 with security updates. - Remove obsolete patches which are now included upstream. - Disable LCMS via environment variables rather than maintaining a patch. - Resolves: rhbz#1148890
Family: unix Class: patch
Reference(s): ELSA-2014-1633
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
Version: 6
Platform(s): Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26915
 
Oval ID: oval:org.mitre.oval:def:26915
Title: RHSA-2014:1657: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 72 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1657-00
CVE-2014-4288
CVE-2014-6456
CVE-2014-6457
CVE-2014-6458
CVE-2014-6476
CVE-2014-6492
CVE-2014-6493
CVE-2014-6502
CVE-2014-6503
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6515
CVE-2014-6517
CVE-2014-6519
CVE-2014-6527
CVE-2014-6531
CVE-2014-6532
CVE-2014-6558
Version: 5
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 7
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27068
 
Oval ID: oval:org.mitre.oval:def:27068
Title: RHSA-2014:1658: java-1.6.0-sun security update (Important)
Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 85 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1658-00
CVE-2014-4288
CVE-2014-6457
CVE-2014-6458
CVE-2014-6492
CVE-2014-6493
CVE-2014-6502
CVE-2014-6503
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6515
CVE-2014-6517
CVE-2014-6531
CVE-2014-6532
CVE-2014-6558
Version: 5
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 7
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27144
 
Oval ID: oval:org.mitre.oval:def:27144
Title: RHSA-2014:1633: java-1.7.0-openjdk security and bug fix update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1633-00
CESA-2014:1633
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27150
 
Oval ID: oval:org.mitre.oval:def:27150
Title: RHSA-2014:1620: java-1.7.0-openjdk security and bug fix update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1620-00
CESA-2014:1620
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27157
 
Oval ID: oval:org.mitre.oval:def:27157
Title: RHSA-2014:1634: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1634-00
CESA-2014:1634
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
CentOS Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28097
 
Oval ID: oval:org.mitre.oval:def:28097
Title: SUSE-SU-2014:1549-1 -- Security update for java-1_7_1-ibm (important)
Description: java-1_7_1-ibm was updated to version 1.7.1_sr1.2 to fix 21 security issues. These security issues were fixed: - Unspecified vulnerability in Oracle Java (CVE-2014-3065). - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-6456). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527 (CVE-2014-6476). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476 (CVE-2014-6527). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558).
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1549-1
CVE-2014-3065
CVE-2014-3566
CVE-2014-6513
CVE-2014-6456
CVE-2014-4288
CVE-2014-6493
CVE-2014-6532
CVE-2014-6503
CVE-2014-6492
CVE-2014-6458
CVE-2014-6466
CVE-2014-6506
CVE-2014-6527
CVE-2014-6476
CVE-2014-6515
CVE-2014-6511
CVE-2014-6531
CVE-2014-6512
CVE-2014-6457
CVE-2014-6502
CVE-2014-6558
Version: 3
Platform(s): SUSE Linux Enterprise Server 12
Product(s): java-1_7_1-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28214
 
Oval ID: oval:org.mitre.oval:def:28214
Title: IBM SDK Java Technology Edition vulnerability
Description: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6558
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28236
 
Oval ID: oval:org.mitre.oval:def:28236
Title: DSA-3077-1 -- openjdk-6 security update
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-3077-1
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28342
 
Oval ID: oval:org.mitre.oval:def:28342
Title: DSA-3080-1 -- openjdk-7 security update
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-3080-1
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28619
 
Oval ID: oval:org.mitre.oval:def:28619
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6558
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5
Application 5
Application 2

Nessus® Vulnerability Scanner

Date Description
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1422-1.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-96.nasl - Type : ACT_GATHER_INFO
2015-03-17 Name : The remote application server is affected by multiple vulnerabilities.
File : websphere_7_0_0_37.nasl - Type : ACT_GATHER_INFO
2015-02-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO
2015-02-16 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO
2014-12-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-141121.nasl - Type : ACT_GATHER_INFO
2014-12-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-141119.nasl - Type : ACT_GATHER_INFO
2014-12-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3080.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote AIX host has a version of Java SDK installed that is affected by m...
File : aix_java_oct2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-11-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3077.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1882.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1880.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1881.nasl - Type : ACT_GATHER_INFO
2014-11-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1877.nasl - Type : ACT_GATHER_INFO
2014-11-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1876.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-openjdk-141024.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1658.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1657.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141015_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-27 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-209.nasl - Type : ACT_GATHER_INFO
2014-10-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2388-2.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2388-1.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141015_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141015_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141015_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-432.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-431.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-430.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2386-1.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1620.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1620.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1633.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1634.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1633.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1634.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1633.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1620.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1634.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_jrockit_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_oct_2014_unix.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/70544
CONFIRM http://linux.oracle.com/errata/ELSA-2014-1633.html
http://linux.oracle.com/errata/ELSA-2014-1634.html
http://linux.oracle.com/errata/ELSA-2014-1636
http://www-01.ibm.com/support/docview.wss?uid=swg21688283
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10092
DEBIAN http://www.debian.org/security/2014/dsa-3077
http://www.debian.org/security/2014/dsa-3080
GENTOO http://security.gentoo.org/glsa/glsa-201502-12.xml
HP http://marc.info/?l=bugtraq&m=141775382904016&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1620.html
http://rhn.redhat.com/errata/RHSA-2014-1633.html
http://rhn.redhat.com/errata/RHSA-2014-1634.html
http://rhn.redhat.com/errata/RHSA-2014-1636.html
http://rhn.redhat.com/errata/RHSA-2014-1657.html
http://rhn.redhat.com/errata/RHSA-2014-1658.html
http://rhn.redhat.com/errata/RHSA-2014-1876.html
http://rhn.redhat.com/errata/RHSA-2014-1877.html
http://rhn.redhat.com/errata/RHSA-2014-1880.html
http://rhn.redhat.com/errata/RHSA-2014-1881.html
http://rhn.redhat.com/errata/RHSA-2014-1882.html
http://rhn.redhat.com/errata/RHSA-2015-0264.html
SECUNIA http://secunia.com/advisories/60414
http://secunia.com/advisories/60416
http://secunia.com/advisories/60417
http://secunia.com/advisories/61018
http://secunia.com/advisories/61020
http://secunia.com/advisories/61143
http://secunia.com/advisories/61163
http://secunia.com/advisories/61164
http://secunia.com/advisories/61346
http://secunia.com/advisories/61609
http://secunia.com/advisories/61629
http://secunia.com/advisories/61631
http://secunia.com/advisories/61928
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
UBUNTU http://www.ubuntu.com/usn/USN-2386-1
http://www.ubuntu.com/usn/USN-2388-1
http://www.ubuntu.com/usn/USN-2388-2

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Date Informations
2020-05-23 00:42:08
  • Multiple Updates
2017-01-03 09:22:54
  • Multiple Updates
2016-04-27 01:11:18
  • Multiple Updates
2015-05-21 13:31:38
  • Multiple Updates
2015-03-27 13:28:33
  • Multiple Updates
2015-03-21 00:26:27
  • Multiple Updates
2015-03-20 00:26:28
  • Multiple Updates
2015-03-18 13:27:20
  • Multiple Updates
2015-03-18 09:27:35
  • Multiple Updates
2015-03-17 09:26:33
  • Multiple Updates
2015-02-27 21:24:03
  • Multiple Updates
2015-02-26 13:24:18
  • Multiple Updates
2015-02-21 09:24:04
  • Multiple Updates
2015-02-17 13:25:02
  • Multiple Updates
2014-12-12 09:24:24
  • Multiple Updates
2014-12-07 09:26:19
  • Multiple Updates
2014-12-03 09:27:28
  • Multiple Updates
2014-12-01 13:27:11
  • Multiple Updates
2014-11-29 13:27:20
  • Multiple Updates
2014-11-28 13:27:35
  • Multiple Updates
2014-11-22 13:24:05
  • Multiple Updates
2014-11-21 21:25:11
  • Multiple Updates
2014-11-21 13:25:09
  • Multiple Updates
2014-11-20 09:23:59
  • Multiple Updates
2014-11-13 13:27:15
  • Multiple Updates
2014-11-08 13:31:59
  • Multiple Updates
2014-11-05 13:29:36
  • Multiple Updates
2014-11-05 13:28:04
  • Multiple Updates
2014-10-31 13:25:53
  • Multiple Updates
2014-10-28 13:27:06
  • Multiple Updates
2014-10-28 13:24:56
  • Multiple Updates
2014-10-25 13:25:31
  • Multiple Updates
2014-10-24 13:27:53
  • Multiple Updates
2014-10-24 13:25:36
  • Multiple Updates
2014-10-20 13:24:59
  • Multiple Updates
2014-10-18 13:26:16
  • Multiple Updates
2014-10-18 00:23:16
  • Multiple Updates
2014-10-17 13:25:33
  • Multiple Updates
2014-10-16 13:25:45
  • Multiple Updates
2014-10-16 05:27:36
  • First insertion