PT-2014-1250 · Oracle+5 · Java Development Kit+10

Publicado

2014-04-15

·

Atualizado

2024-06-15

·

CVE-2014-2403

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 6u71, 7u51, and 8 Java SE Embedded version 7u51
Description The issue is related to the JAXP subcomponent of the Java Development Kit and Java Runtime Environment, allowing a remote attacker to compromise data confidentiality, integrity, and availability. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Technical details include the exploitation of the JAXP subcomponent, but specific API endpoints, vulnerable parameters, or function names are not provided.
Recommendations For Java SE versions 6u71, 7u51, and 8, and Java SE Embedded version 7u51, consider disabling the JAXP subcomponent as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-461

Identificadores relacionados

BDU:2014-00467
BDU:2014-00468
CESA-2014_0406
CESA-2014_0408
CVE-2014-2403
DSA-2912-1
DSA-2923-1
HPSBUX03091
HPSBUX03092
MGASA-2014-0189
OPENSUSE-SU-2024:10534-1
RHSA-2014:0406
RHSA-2014:0407
RHSA-2014:0408
RHSA-2014:0412
RHSA-2014:0413
RHSA-2014:0414
RHSA-2014:0675
RHSA-2014:0685
RHSA-2014_0406
RHSA-2014_0407
RHSA-2014_0408
RHSA-2014_0412
RHSA-2014_0413
RHSA-2014_0414
RHSA-2014_0675
RHSA-2014_0685
USN-2187-1
USN-2191-1

Produtos afetados

Centos
Hp-Ux
Jaxp
Java Development Kit
Java Platform
Java Runtime Environment
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu