CVE-2014-6587

Опубликовано: 20 янв. 2015

Источник: redhat

CVSS2: 4.1

Описание

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	java-1.8.0-openjdk	Not affected
Red Hat Enterprise Linux 7	java-1.8.0-oracle	Not affected
Oracle Java for Red Hat Enterprise Linux 5	java-1.7.0-oracle	Fixed	RHSA-2015:0079	22.01.2015
Oracle Java for Red Hat Enterprise Linux 5	java-1.6.0-sun	Fixed	RHSA-2015:0086	26.01.2015
Oracle Java for Red Hat Enterprise Linux 6	java-1.7.0-oracle	Fixed	RHSA-2015:0079	22.01.2015
Oracle Java for Red Hat Enterprise Linux 6	java-1.8.0-oracle	Fixed	RHSA-2015:0080	22.01.2015
Oracle Java for Red Hat Enterprise Linux 6	java-1.6.0-sun	Fixed	RHSA-2015:0086	26.01.2015
Oracle Java for Red Hat Enterprise Linux 7	java-1.7.0-oracle	Fixed	RHSA-2015:0079	22.01.2015
Oracle Java for Red Hat Enterprise Linux 7	java-1.6.0-sun	Fixed	RHSA-2015:0086	26.01.2015
Red Hat Enterprise Linux 5	java-1.7.0-openjdk	Fixed	RHSA-2015:0068	20.01.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1183715OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)

4.1 Medium

CVSS2

Связанные уязвимости

CVE-2014-6587

ubuntu

около 11 лет назад

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2014-6587

nvd

около 11 лет назад

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2014-6587

debian

около 11 лет назад

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allow ...

GHSA-6v6g-fc35-c9jw

github

больше 3 лет назад

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

ELSA-2015-0085

oracle-oval

около 11 лет назад

ELSA-2015-0085: java-1.6.0-openjdk security update (IMPORTANT)

4.1 Medium

CVSS2