Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0423

Опубликовано: 15 янв. 2014
Источник: nvd
CVSS2: 5.5
EPSS Низкий

Описание

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.

Комментарий

Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

"Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:jrockit:r27.7.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jrockit:r28.2.9:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:oracle:jdk:1.6.0:update65:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update65:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:oracle:jdk:1.5.0:update55:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update55:*:*:*:*:*:*

EPSS

Процентиль: 40%
0.00182
Низкий

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2014-0423

ubuntu
больше 11 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.

redhat логотип

CVE-2014-0423

redhat
больше 11 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.

debian логотип

CVE-2014-0423

debian
больше 11 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JR ...

github логотип

GHSA-3pf2-g488-cwrg

github
около 3 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.

fstec логотип

BDU:2014-00485

fstec
больше 11 лет назад

Уязвимость средства разработки приложений Java Development Kit, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность данных

EPSS

Процентиль: 40%
0.00182
Низкий

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo