PT-2014-1242 · Oracle+6 · Oracle Java Se+8

Publicado

2014-01-15

·

Atualizado

2024-06-15

·

CVE-2014-0376

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 5.0u55 through 7u45 Java SE Embedded version 7u45 OpenJDK 7
Description The issue allows remote attackers to affect the integrity of data via vectors related to JAXP. It is reportedly related to an improper check for code permissions when creating document builder factories, which could allow a remote attacker to compromise the confidentiality, integrity, and availability of data.
Recommendations For Oracle Java SE versions 5.0u55 through 7u45, update to a version that is not affected by this issue. For Java SE Embedded version 7u45, update to a version that is not affected by this issue. For OpenJDK 7, update to a version that is not affected by this issue. As a temporary workaround, consider restricting the use of the JAXP subcomponent until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-461

Identificadores relacionados

BDU:2014-00451
BDU:2014-00452
BDU:2014-00453
BDU:2014-00454
BDU:2014-00455
BDU:2014-00456
BDU:2014-00457
BDU:2014-00458
BDU:2014-00459
BDU:2014-00460
CESA-2014_0026
CESA-2014_0097
CVE-2014-0376
HPSBUX02972
HPSBUX02973
MGASA-2014-0023
OPENSUSE-SU-2024:10534-1
RHSA-2014:0026
RHSA-2014:0027
RHSA-2014:0030
RHSA-2014:0097
RHSA-2014:0134
RHSA-2014:0135
RHSA-2014:0136
RHSA-2014:0414
RHSA-2014:0705
RHSA-2014:0982
RHSA-2014_0026
RHSA-2014_0027
RHSA-2014_0030
RHSA-2014_0097
RHSA-2014_0134
RHSA-2014_0135
RHSA-2014_0136
RHSA-2014_0414
RHSA-2014_0705

Produtos afetados

Centos
Hp-Ux
Ibm Aix
Java Platform
Java Se Embedded
Openjdk
Oracle Java Se
Red Hat
Suse