CVE-2014-6587

Опубликовано: 20 янв. 2015

Источник: redhat

CVSS2: 4.1

EPSS Низкий

Описание

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	java-1.8.0-openjdk	Not affected
Red Hat Enterprise Linux 7	java-1.8.0-oracle	Not affected
Oracle Java for Red Hat Enterprise Linux 5	java-1.7.0-oracle	Fixed	RHSA-2015:0079	22.01.2015
Oracle Java for Red Hat Enterprise Linux 5	java-1.6.0-sun	Fixed	RHSA-2015:0086	26.01.2015
Oracle Java for Red Hat Enterprise Linux 6	java-1.7.0-oracle	Fixed	RHSA-2015:0079	22.01.2015
Oracle Java for Red Hat Enterprise Linux 6	java-1.8.0-oracle	Fixed	RHSA-2015:0080	22.01.2015
Oracle Java for Red Hat Enterprise Linux 6	java-1.6.0-sun	Fixed	RHSA-2015:0086	26.01.2015
Oracle Java for Red Hat Enterprise Linux 7	java-1.7.0-oracle	Fixed	RHSA-2015:0079	22.01.2015
Oracle Java for Red Hat Enterprise Linux 7	java-1.6.0-sun	Fixed	RHSA-2015:0086	26.01.2015
Red Hat Enterprise Linux 5	java-1.7.0-openjdk	Fixed	RHSA-2015:0068	20.01.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1183715OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)

EPSS

Процентиль: 39%

0.00167

Низкий

4.1 Medium

CVSS2

Связанные уязвимости

CVE-2014-6587

ubuntu

больше 10 лет назад

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2014-6587

nvd

больше 10 лет назад

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2014-6587

debian

больше 10 лет назад

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allow ...

GHSA-6v6g-fc35-c9jw

github

больше 3 лет назад

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

ELSA-2015-0085

oracle-oval

больше 10 лет назад

ELSA-2015-0085: java-1.6.0-openjdk security update (IMPORTANT)

EPSS

Процентиль: 39%

0.00167

Низкий

4.1 Medium

CVSS2