Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-0416

Опубликовано: 14 янв. 2014
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7java-1.6.0-openjdkNot affected
Red Hat Enterprise Linux 7java-1.7.0-openjdkNot affected
Red Hat Enterprise Linux 7java-1.7.0-oracleNot affected
Oracle Java for Red Hat Enterprise Linux 5java-1.6.0-sunFixedRHSA-2014:041417.04.2014
Oracle Java for Red Hat Enterprise Linux 6java-1.6.0-sunFixedRHSA-2014:041417.04.2014
Red Hat Enterprise Linux 5java-1.7.0-openjdkFixedRHSA-2014:002715.01.2014
Red Hat Enterprise Linux 5java-1.6.0-openjdkFixedRHSA-2014:009727.01.2014
Red Hat Enterprise Linux 6java-1.7.0-openjdkFixedRHSA-2014:002615.01.2014
Red Hat Enterprise Linux 6java-1.6.0-openjdkFixedRHSA-2014:009727.01.2014
Red Hat Network Satellite Server v 5.4java-1.6.0-ibmFixedRHSA-2014:098229.07.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1051912OpenJDK: insecure subject principals set handling (JAAS, 8024306)

EPSS

Процентиль: 86%
0.02765
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-0416

ubuntu
больше 11 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.

nvd логотип

CVE-2014-0416

nvd
больше 11 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.

debian логотип

CVE-2014-0416

debian
больше 11 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...

github логотип

GHSA-jj69-rwgw-8vmj

github
около 3 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.

fstec логотип

BDU:2014-00454

fstec
больше 11 лет назад

Уязвимость средства разработки приложений Java Development Kit, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность данных

EPSS

Процентиль: 86%
0.02765
Низкий

4.3 Medium

CVSS2