PT-2014-1232 · Oracle+6 · Oracle Java Se+9
Published: 2014-01-15 · Updated: 2024-06-15
CVE-2014-0411
CVSS v2.0: 4.0 (Medium)
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 5.0u55, 6u65, and 7u45
JRockit versions R27.7.7 and R28.2.9
Java SE Embedded version 7u45
OpenJDK version 7
Description
The vulnerability is in the JSSE subcomponent of the Java Runtime Environment and the Java Development Kit. Remote attackers can exploit it to affect confidentiality and integrity via vectors related to JSSE. There are claims that the issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.
Recommendations
For Oracle Java SE versions 5.0u55, 6u65, and 7u45, consider updating to a newer version to mitigate the risk.
For JRockit versions R27.7.7 and R28.2.9, consider updating to a newer version to mitigate the risk.
For Java SE Embedded version 7u45, consider updating to a newer version to mitigate the risk.
For OpenJDK version 7, consider updating to a newer version to mitigate the risk.
As a temporary workaround, consider restricting access to the JSSE subcomponent until a patch is available.
Affected Products
CentOS
HP-UX
IBM AIX
JRockit
Java Platform
Java SE Embedded
OpenJDK
Oracle Java SE
Red Hat
SUSE