Описание
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 6b30-1.13.1-1ubuntu1 |
| lucid | released | 6b30-1.13.1-1ubuntu2~0.10.04.1 |
| precise | released | 6b30-1.13.1-1ubuntu2~0.12.04.1 |
| quantal | released | 6b30-1.13.1-1ubuntu2~0.12.10.1 |
| raring | ignored | end of life, was deferred |
| saucy | released | 6b30-1.13.1-1ubuntu2~0.13.10.1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 7u51-2.4.4-1ubuntu1 |
| lucid | DNE | |
| precise | released | 7u51-2.4.4-0ubuntu0.12.04.2 |
| quantal | released | 7u51-2.4.4-0ubuntu0.12.10.2 |
| raring | released | 7u51-2.4.4-0ubuntu0.13.04.2 |
| saucy | released | 7u51-2.4.4-0ubuntu0.13.10.1 |
| upstream | released | 7u51-2.4.4-1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.
Уязвимость средства разработки приложений Java Development Kit, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность данных
EPSS
5 Medium
CVSS2