PT-2014-1256 · Oracle+6 · Jrockit+9

Publicado

2014-04-15

·

Atualizado

2024-06-15

·

CVE-2014-2398

CVSS v2.0

3.5

Baixa

VetorAV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 5.0u61, 6u71, 7u51, and 8 JavaFX version 2.2.51 JRockit versions R27.8.1 and R28.3.1
Description The issue allows remote authenticated users to affect the integrity of data using the Javadoc component. This can lead to data corruption. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations For Java SE versions 5.0u61, 6u71, 7u51, and 8, consider disabling the Javadoc component until a patch is available. For JavaFX version 2.2.51, restrict access to the Javadoc component to minimize the risk of exploitation. For JRockit versions R27.8.1 and R28.3.1, avoid using the Javadoc component in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-461

Identificadores relacionados

BDU:2014-00479
BDU:2014-00480
BDU:2014-00481
CESA-2014_0406
CESA-2014_0408
CVE-2014-2398
DSA-2912-1
DSA-2923-1
HPSBUX03091
HPSBUX03092
MGASA-2014-0189
OPENSUSE-SU-2024:10534-1
RHSA-2014:0406
RHSA-2014:0407
RHSA-2014:0408
RHSA-2014:0412
RHSA-2014:0413
RHSA-2014:0414
RHSA-2014:0486
RHSA-2014:0508
RHSA-2014:0509
RHSA-2014:0675
RHSA-2014:0685
RHSA-2014:0705
RHSA-2014:0982
RHSA-2014_0406
RHSA-2014_0407
RHSA-2014_0408
RHSA-2014_0412
RHSA-2014_0413
RHSA-2014_0414
RHSA-2014_0486
RHSA-2014_0508
RHSA-2014_0509
RHSA-2014_0675
RHSA-2014_0685
RHSA-2014_0705
USN-2187-1
USN-2191-1

Produtos afetados

Centos
Hp-Ux
Ibm Aix
Jrockit
Java Platform
Java Se
Javafx
Red Hat
Suse
Ubuntu