Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-0376

Опубликовано: 14 янв. 2014
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories."

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7java-1.6.0-openjdkNot affected
Red Hat Enterprise Linux 7java-1.7.0-openjdkNot affected
Red Hat Enterprise Linux 7java-1.7.0-oracleNot affected
Oracle Java for Red Hat Enterprise Linux 5java-1.6.0-sunFixedRHSA-2014:041417.04.2014
Oracle Java for Red Hat Enterprise Linux 6java-1.6.0-sunFixedRHSA-2014:041417.04.2014
Red Hat Enterprise Linux 5java-1.7.0-openjdkFixedRHSA-2014:002715.01.2014
Red Hat Enterprise Linux 5java-1.6.0-openjdkFixedRHSA-2014:009727.01.2014
Red Hat Enterprise Linux 6java-1.7.0-openjdkFixedRHSA-2014:002615.01.2014
Red Hat Enterprise Linux 6java-1.6.0-openjdkFixedRHSA-2014:009727.01.2014
Red Hat Network Satellite Server v 5.4java-1.6.0-ibmFixedRHSA-2014:098229.07.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1051923OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)

EPSS

Процентиль: 81%
0.01578
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-0376

ubuntu
почти 12 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories."

nvd логотип

CVE-2014-0376

nvd
почти 12 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories."

debian логотип

CVE-2014-0376

debian
почти 12 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...

github логотип

GHSA-vw24-mx3m-5g44

github
больше 3 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories."

fstec логотип

BDU:2014-00452

fstec
почти 12 лет назад

Уязвимость средства разработки приложений Java Development Kit, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность данных

EPSS

Процентиль: 81%
0.01578
Низкий

4.3 Medium

CVSS2